From ade4256933687941f52d9354a39d2c24b7845582 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 26 Aug 2021 09:39:08 -0700 Subject: [PATCH 01/84] BitLocker 2 go deprecation announce --- windows/deployment/planning/windows-10-deprecated-features.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 72bcfc72c9..9f5ea44089 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -8,7 +8,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.author: greglin -manager: laurawi +manager: dougeby ms.topic: article --- # Windows 10 features we’re no longer developing 
@@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | +| BitLocker 2 Go Reader | Reading of BitLocker-protected removable drives from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11. The ADMX policy **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**, the command line parameter [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv), the catalog file **c:\windows\BitLockerDiscoveryVolumeContents**, and the BitLocker 2 Go Reader app **bitlockertogo.exe** might not be available in future releases of Windows client. | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From 1359094c7792cd2b25bb730cc7b19f2ad56d671b Mon Sep 17 00:00:00 2001 
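Review bot: The row added in the `@@ -26,6 +26,7 @@` hunk of [PATCH 01/84] calls the feature "BitLocker 2 Go Reader" in both the Feature column and the app bullet text; use the product name BitLocker To Go throughout so the entry is searchable. The column is headed "Details and mitigation", yet the cell only lists what might be removed. State what administrators who still rely on the ADMX policy or on `manage-bde -DiscoveryVolumeType` should plan for instead. The `manager:` metadata change in the first hunk is unrelated to the subject line and would be easier to track as its own commit.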
From: greg-lindsay Date: Thu, 26 Aug 2021 09:58:55 -0700 Subject: [PATCH 02/84] update --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 9f5ea44089..74bfc3ac68 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,7 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| BitLocker 2 Go Reader | Reading of BitLocker-protected removable drives from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11. The ADMX policy **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**, the command line parameter [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv), the catalog file **c:\windows\BitLockerDiscoveryVolumeContents**, and the BitLocker 2 Go Reader app **bitlockertogo.exe** might not be available in future releases of Windows client. | 21H1 | +| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From 0c2508c342452c369488065f68431d2c9c40722b Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 26 Aug 2021 12:20:12 -0700 Subject: [PATCH 03/84] update --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 74bfc3ac68..c23e505800 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md 
@@ -26,7 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | +| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From f80cbae66310823530cd74481d8b5c0f99e2e31f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 14:03:40 -0700 Subject: [PATCH 04/84] Update TOC.yml --- windows/security/TOC.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d13521f976..29c0a6f1a6 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -194,10 +194,22 @@ href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md -- name: Threat protection - items: + - name: Threat protection + items: - name: Microsoft Defender Antivirus href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + - name: Attack surface reduction + href: + - name: Tamper protection + href: + - name: Network protection + href: + - name: Controlled folder access + href: + - name: Exploit protection + href: + - name: Microsoft Defender for Endpoint + href: - name: Application protection items: - name: User protection From 119222a9e3020880a781ecea97b359c5a48a6c45 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:21:39 -0700 Subject: [PATCH 05/84] Update TOC.yml --- windows/security/TOC.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 29c0a6f1a6..ac2bff22dc 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -32,8 +32,9 @@ - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Operating system security - href: operating-system.md items: + - name: Overview + href: operating-system.md - name: System security items: - name: Secure the Windows 10 boot process From ae3045451972d9fe90e2f132de4a24c1b72070ed Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:32:59 -0700 Subject: [PATCH 06/84] Create trusted-boot.md --- windows/security/os-security/trusted-boot.md | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 windows/security/os-security/trusted-boot.md 
diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md new file mode 100644 index 0000000000..2ab20d1e02 --- /dev/null +++ b/windows/security/os-security/trusted-boot.md 
@@ -0,0 +1,33 @@ +--- +title: Trusted Boot +description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: jsuther +f1.keywords: NOCSH +--- + +# Trusted Boot + +This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. + +## Secure Boot + +The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments. + +As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloader’s digital signature to ensure that it is trusted by the Secure Boot policy and hasn’t been tampered with. + +## Trusted Boot + +Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. 
If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. + +Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. \ No newline at end of file From a2fbdfe3bb73182057ee1d80d9c0db15e8449f2b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:35:05 -0700 Subject: [PATCH 07/84] Update trusted-boot.md --- windows/security/os-security/trusted-boot.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 2ab20d1e02..5770dab09b 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # Trusted Boot -This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. +This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Trusted Boot picks up where Secure Boot leaves off, helping to ensure your Windows 11 system boots up safely and securely. ## Secure Boot 
@@ -30,4 +30,8 @@ As the PC begins the boot process, it will first verify that the firmware is dig Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. -Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. \ No newline at end of file +Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. + +## See also + +[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From c8967bccca8fe623d7fa09ba332686ca3a66752e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:35:53 -0700 Subject: [PATCH 08/84] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index ac2bff22dc..eaabe3d79f 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -37,6 +37,8 @@ href: operating-system.md - name: System security items: + - name: Trusted Boot + href: os-security/trusted-boot.md - name: Secure the Windows 10 boot process href: information-protection/secure-the-windows-10-boot-process.md - name: Encryption and data protection 
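Review bot: The file still ends with "\ No newline at end of file" after the added See also link in the `@@ -30,4 +30,8 @@` hunk of trusted-boot.md ([PATCH 07/84]); finish the file with a newline so the next append does not have to rewrite the last line again, as this patch did for the "Often, Windows can automatically repair" paragraph. The context paragraph above it says "the bootloader detects the problem" immediately after stating that the kernel verifies boot drivers, startup files, and the ELAM driver. While this section is open, name the component that performs each check.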
From 2bbebaac8a662c43d1c27119078b73c189a6a44e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:43:46 -0700 Subject: [PATCH 09/84] Create cryptography-certificate-mgmt.md --- .../cryptography-certificate-mgmt.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 windows/security/os-security/cryptography-certificate-mgmt.md diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md new file mode 100644 index 0000000000..712d4806dc --- /dev/null +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
@@ -0,0 +1,43 @@ +--- +title: Cryptography and Certificate Management +description: Get an overview of cryptography and certificate management in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: skhadeer, raverma +f1.keywords: NOCSH +--- + +# Cryptography and Certificate Management + +This article describes cryptography and certificate management in Windows 11. + +## Cryptography + +Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets. + +All cryptography on Windows 11 is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. 
+ +Windows cryptographic modules provide low-level primitives such as: + +- Random number generators (RNG) +- Symmetric and asymmetric encryption (support for AES 128/256 and RSA 512 to 16384, in 64-bit increments and ECDSA over NIST-standard prime curves P-256, P-384, P-521) +- Hashing (support for SHA-256, SHA-384, and SHA-512) +- Signing and verification (padding support for OAEP, PSS, PKCS1) +- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521 and HKDF) + +These are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can leverage these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). + +## Certificate management + +Windows offers several APIs to operate and manage certificates. Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Certificates are electronic documents used to claim ownership of a public key. Public keys are used to prove server and client identity, validate code integrity, and used in secure emails. Windows offers users the ability to auto-enroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration. Windows validates certificates through an automatic update mechanism that downloads certificate trust lists (CTL) daily. Trusted root certificates are used by applications as a reference for trustworthy PKI hierarchies and digital certificates. The list of trusted and untrusted certificates are stored in the CTL and can be updated by administrators. 
In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately. + +Windows also offers enterprise certificate pinning to help reduce man-in-the-middle attacks by enabling users to protect their internal domain names from chaining to unwanted certificates. A web application's server authentication certificate chain is checked to ensure it matches a restricted set of certificates. Any web application triggering a name mismatch will start event logging and prevent user access from Edge or Internet Explorer. From 0183e07657c000345c700d8565d55993d6759891 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:45:10 -0700 Subject: [PATCH 10/84] Update cryptography-certificate-mgmt.md --- windows/security/os-security/cryptography-certificate-mgmt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md index 712d4806dc..282fac4632 100644 --- a/windows/security/os-security/cryptography-certificate-mgmt.md +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
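Review bot: Two algorithms are filed under the wrong primitive in the list added by cryptography-certificate-mgmt.md ([PATCH 09/84]): ECDSA is a signature scheme but appears under "Symmetric and asymmetric encryption", and OAEP is an encryption padding but appears under "Signing and verification". Move ECDSA to the signing bullet and OAEP to the encryption bullet. The same bullet advertises RSA starting at 512 bits; if the full range stays, add the minimum size readers should actually deploy. "All cryptography on Windows 11 is ... FIPS 140 certified" and "proves the randomness for entropy sources" claim more than a validation of specific modules supports, so scope the sentence to the validated cryptographic modules. In the Certificate management paragraph, "revoked globally across user devices immediately" conflicts with the earlier statement that certificate trust lists are downloaded daily.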
@@ -32,9 +32,9 @@ Windows cryptographic modules provide low-level primitives such as: - Symmetric and asymmetric encryption (support for AES 128/256 and RSA 512 to 16384, in 64-bit increments and ECDSA over NIST-standard prime curves P-256, P-384, P-521) - Hashing (support for SHA-256, SHA-384, and SHA-512) - Signing and verification (padding support for OAEP, PSS, PKCS1) -- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521 and HKDF) +- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521, and HKDF) -These are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can leverage these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). +These modules are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can use these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). ## Certificate management From 54483578098ba7e62c5519863d304d5e4d347300 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:46:46 -0700 Subject: [PATCH 11/84] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index eaabe3d79f..b7e9b9d4b0 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -200,7 +200,7 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - name: Attack surface reduction href: - name: Tamper protection From 0dd024ba903616a80cb1451b13d9c16199a91bdf Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:48:15 -0700 Subject: [PATCH 12/84] Update TOC.yml --- windows/security/TOC.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b7e9b9d4b0..2e167de1fd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -199,20 +199,14 @@ href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Threat protection items: - - name: Microsoft Defender Antivirus - href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - - name: Attack surface reduction - href: - - name: Tamper protection - href: - - name: Network protection - href: - - name: Controlled folder access - href: - - name: Exploit protection - href: - - name: Microsoft Defender for Endpoint - href: + - name: Microsoft Defender Antivirus + href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + - name: Attack surface reduction + - name: Tamper protection + - name: Network protection + - name: Controlled folder access + - name: Exploit protection + - name: Microsoft Defender for Endpoint - name: Application protection items: - name: User protection From 05f28657b0c54c27281c27e804323c4af0052b09 Mon Sep 17 00:00:00 2001 
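Review bot: After the `@@ -199,20 +199,14 @@` hunk of [PATCH 12/84], Attack surface reduction, Tamper protection, Network protection, Controlled folder access, Exploit protection and Microsoft Defender for Endpoint are name-only TOC entries with neither `href` nor `items`; give each a target or hold the entries back until the articles exist. Related, in [PATCH 11/84]: the Microsoft Defender Antivirus `href` loses its leading slash, so `microsoft-365/security/defender-endpoint/...` now reads as a path relative to the folder of TOC.yml rather than the site root, and nothing in these hunks adds a file at that location. Confirm the target or restore the root-relative form.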
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:55:45 -0700 Subject: [PATCH 13/84] Update operating-system.md --- windows/security/operating-system.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 107e6ed663..584a85b7bd 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,14 +13,19 @@ author: denisebmsft # Windows operating system security +This article provides an overview of security measures built into Windows 11. + +## Operating system security + Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -The following table summarizes the operating system security features and capabilities in Windows 11:

+Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

| Security Measures | Features & Capabilities | |:---|:---| -| System security | Trusted Boot (includes Secure Boot and Measured Boot)
Cryptography and certificate management
Windows Security app | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
Windows Security app | | Encryption and data protection | BitLocker
Encryption | | Network security | Virtual Private Networks (VPNs)
Windows Defender Firewall
Bluetooth
DSN security
Windows Wi-Fi
Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
Attack surface reduction
Tamper protection
Network protection
Controlled folder access
Exploit protection
Additional protection with Microsoft Defender for Endpoint | + From 56fdc9752e95139409d66077f640a71a22ee1286 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:59:28 -0700 Subject: [PATCH 14/84] Update TOC.yml --- windows/security/TOC.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2e167de1fd..eb58b0f6cd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -200,7 +200,6 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - name: Attack surface reduction - name: Tamper protection - name: Network protection From e741bf1cb5bb53dacc48639b2bb656e17b21773c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:05:35 -0700 Subject: [PATCH 15/84] Update trusted-boot.md --- windows/security/os-security/trusted-boot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 5770dab09b..4a2e241a83 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md 
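Review bot: In the table rewritten by operating-system.md ([PATCH 13/84]), the System security row links "Trusted Boot (includes Secure Boot and Measured Boot)" to os-security/trusted-boot.md, but that article as added in [PATCH 06/84] has sections only for Secure Boot and Trusted Boot; either cover Measured Boot there or drop it from the link text. The Network security row, left unchanged by this hunk, reads "DSN security", which looks like a typo for DNS and is worth fixing in the same pass. The new "## Operating system security" heading repeats the H1 "Windows operating system security" almost word for word and could be dropped.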
@@ -16,9 +16,9 @@ ms.reviewer: jsuther f1.keywords: NOCSH --- -# Trusted Boot +# Secure Boot and Trusted Boot -This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Trusted Boot picks up where Secure Boot leaves off, helping to ensure your Windows 11 system boots up safely and securely. +This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot From 5b674360a60e630512905866afdf6f162b2bc760 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:14:58 -0700 Subject: [PATCH 16/84] Windows security app --- .../images/windows-security-app-w11.png | Bin 0 -> 54380 bytes .../os-security/windows-security-app.md | 37 ++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 windows/security/images/windows-security-app-w11.png create mode 100644 windows/security/os-security/windows-security-app.md 
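Review bot: The H1 becomes "Secure Boot and Trusted Boot" in the `@@ -16,9 +16,9 @@` hunk of trusted-boot.md ([PATCH 15/84]), but the front-matter `title: Trusted Boot` and its `description:` from [PATCH 06/84] and the TOC entry `name: Trusted Boot` from [PATCH 08/84] are not touched by this patch. Update them together so search results and navigation match the page heading.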
diff --git a/windows/security/images/windows-security-app-w11.png b/windows/security/images/windows-security-app-w11.png new file mode 100644 index 0000000000000000000000000000000000000000..e062b0d292ab01d85235ee266d0c143dc5760b1e GIT binary patch literal 54380
z$f68=6|H=optNjI>VG&$0Oj_mAM^CLF^*S;ha0j#<@T7c34 z3xH8?-MR%UH7e3uF`*>92A8iN>+m$am(3h+eF&jX-kHGGFZQD!P_+bibo%T*9@b3h zS^Ao#9(xmhmandy>S^*l?UC%k_oz=A9lgJqE;1&9dzB<$lc9Mowo_9mq1J2hG{gpw z0w}-GH}gqF0Sv#JI|#xiJYT=~F;J8H;lzBsLfCC!kbZtix3gNleWL^J26YTS>fUF; zaag~^EPKGV)EO%e^{}7-8kL4dMgZTb0#d$?CD2aGvX=z~U`PnMAjb`OIM^A>vO9uo zk3jQAxl)0qSqYSH(0-s2g2%xggYd69_|ZTR8XTZ1fsr%jr2&ZYy}2VIBNJ)C0jL4w z%M^9ksyn>Qzy}_3bkv=mCsw=Ip;yK;sBa)I>&!TD@dbngAB&=Wes`g(e$j%NnN0o@zKw?mOH6}%!PiTKON z!0^YH3$Ro=ESsMNTm_I34e-7YoG;+Jep_)s)JJEQJ?l-O=)>0z68Av_w6J&%Fbm*E zWMm}xKR8ld@dJUlpq(iM8i{y~_%ZpvvjBis<~*dK2M68*d8tMCV&KZBA$tYZ!8KW^ z?NyG0a~?tFY@nHdnxbIs2iOddAs7yzBrFB+V!wD4=oUcc_vB-U5`fZw9s`~#tE>C| z_3QqmoI}fxL0Qw}7rA!r1SykRXGTkCeuPkeEeFLp>3z+B2pSu(4N$z`hXC_| zVA^i^#z(dnq(bP+f}#eD$Ik9DU0#lz8#Dl+87kd?R3gj8 zv|p=!jIsC<3q5oXpFVwRRWXwO)|%rmq)~-$|K{f}#N7j52J8nk3+|8WO#wKlk@Z~_%=+gE-E=ndwAOrK*1y<*Th z;R#zP8ho)pKElKv_iBPm+25vk%O90s9!QE#aQpPm+$Z;L8lEZk5!g%JpbhjhwAgE}CB zKCL|kzM7WiSaF$5u0`jKG0)3aDKffF#42_MAtNT$R z3?8PrV@|ZUh5_Ag`L3}$5g!~Rtx=!z_wg81u)quq7JyOd{()dKG^A_u_;GM)5){x0 zD^v6}H8BpoU!G@8sog2iZc3k^g`k{(M^8*l{7JZojG%dD!9f*(<>k2;p5MO%4Ho>l zrTWag7mDwv1t8^vQC$igD>!`|5 z49d{J;EU^rhf;pf1oe^S5_E&o0^b}&!Cpf*ACfH~<8URQKP|_{`}>c>pp8>?aDk~5 zXO4lOsEEi-sN7sJS$3x(D4|UZ-E&AWu!-%FAp4dYFRk%7M8rUv7$gkOtxnF-6mBQ$bxwALLkQ;?h3PH!GpFxWYnz zOE&D%9R_Pw)D`Rkfno_#ekKAatv+# zR~8%!{jb_BSt8rd@jgikgeE|##o$k|7psc_O0dN%z*&qM8`%oVA z_HK-f*MdRm9bS-Zb)^xna<%jSjKfUJA?T;VM2?FTCxiJibi-j!A#4EK&9gZZEkwCu zV!Ng}I5f`6d8XMDDw|dl?`4DV2uL84 zU!ff(-jgo<3yal|Ph%=@#QOw{6`-N(0iy-cQwQB=z%?L;D}mfcR|zVmt}11`-LmXl z4Nc3}BM{;W%B$djkp4kOFl+XXH&+x&dfZ($$eSwpxVV+<{aJNC>Dsh)4tC z$NJWwz1iYFnHG!qP%tkI9%^3+X!`ExFg$PstC}HNg6U5N(ZpG` zV{>LZxatvtU(6ULMhw`PZqqoMY;sBku(fozVSlH<{sTcf!#fq_BiD3wk1d%lyYDuI zoGGz;L_tB_|1syWVz%CtOU6pB#w_Yr_%AmX&(HVP5;pvT9hM0@+uOfVVyR8Tb4v*R zI-xp?;~Kp0laef=DWUbmB2@Y_?t@p!i^A;h5hkRp}$cKE4&H0c11@|KH1kaW7@TY_p#SPWmnaZdE2=k;Itn^U|HvDNMf!XWaK&M_*5rS~@P 
zo_szZv>1eY{@944t|cRw7DP2rZb74hF)o!saY&NGfC9j;TOxW(1-e_=+1U@Jo=y>VbsJ-nk!mv6Nek<1>|jBU-=At+385I0>^VP4 z%8ax`w0nhj3PKBOenJ+&-=~8c?1{3`O!txcKrMqT!=d4OxaL;XV#s z@2W-5LN{)-tTKYPr?*#BMy3l2;+Ru{cD@o+6~GCghyuL?umquaC@SwU;8QbS;PpVv zSBbKad|-Zbz_x$Z7wQI#AF)4!F*X=(12zwXXz}s!P^>`a2W|=F+17KCNqIXeiI$cY zCR2b}h$gC*Ug!pT1Y6s<2GmWY#MRF3NZ(pe2oGcx21driI5AKQVeAHQGLW*vPq!h} z{WtRmuno%5@U;%}L^GiT&`Mj&1pyVpgc(pSz+@v1dYjB_V1ZQa>SGb~e|-8yKJ=;9MZ)(3Aq8@&*2YeA-nGTRH62!}PJ;@*15B`JXWoI}3>k^48^qt`;Xw zkcb(6uK`U1NgO&~&|U-53*PtU%?Z#lLEy9iC3;{$%d*U%^Z@N~ab|)(CTGwNWRLf$ zsnijyVfJlMM}hwUt_Pk6bcH%>1!(boN{Th;!_Yg2`8W`%p|MQf-3gYsLe;r^q{o<9 zB!$kEn#MHcDasdE)N;kUyHjwBUzj4`*W26M(;YPciwRhe{|&*WQL)t_-U*lYkSt)w z0V@K~d+5!Id{PCV=aY?k?jR&N4^yTp)iuJc!$A|KNLmi$nJ+Mu2LndGyvg)tpl=pf zJ9FP`_EZHxx4i}ifsF@bH9b9@Zd41s(*AzU{&&BZg=+xkiJ$7T5`ED+k?vc8P0fKB zx1P?df!Vs0M*zZr57V=usRWolB*-El(SJ_@Jhk+BMO*8ge{z)jC}N30N^qz10<009>$3 zdiCnn!Cex_0MP7*$qSgpG8%+dbD05ySHcJkB|LicsO8@p>?+_9s8>));bNd*!&PU+ zKbjdCf!IL>LyK6_jnwKL9%gEw#;TPGcCE<@8|1?nW%N`(V7s$|e*SB6{1hTp)hn|u z3<^VB`jI9%Qor&w%^c+Z;4ed%e=rX9a3CBT-$7}j!1Nao+?H`vVDhO!@!+#EeubqF zNrFN`hi`R}Zy3dgKt*F~TX#yt35V_jcAmHC=uN`PD+qyGC~wY7wq1j^ z;vx*eR2*fz6Nz-dFjl==^LE3ZiP~vhJAC>svAD9$^4Fx&n z3Ys)ry+1WQy~gy;m;X#}X{!0|b;b3+^3<;;@0MOjskpfGUB}P>CbRE#gn8=?7+O2Vst_*}5CT z3i|flJw1nZw?Q_gCRIj8YWLz{mu$Y!-kjEgEa=qV@ObmSs- z?I4!i-Q7RP`o87fomBy<%E!kS^z_}{TH1Quu+-60Xxc#bgDxr&M17cM2R(3gp`uS) zkc|jZ#1+sEKn+vN`JZbt$9H*>*Q#6Bs#Djh$q!f#wTf63N>WYx^6XL*^`!;yX}HPW z06{^)q%Rk^rF|vjbWj<@)#~S?FYi5|rGH&XdLBQ0jvbY{S3G6{g^SwJfzB|DR@zk> z1+28tg1QS+s&&OvQoUKy-qatV!_&=q|E~5Ct8#qAaTt0*)TuA(r~tq@n3aWbUYJ;3 zTkR4CCK@&+r66;5@2aw=j`6!(c`=!e82ADCwZy)aUYTX85KEOAq&R0n*vhunSqtDaXsR$}L7k!o8NtTUF$!`y^idTHhv?a=sCz~2Z#=JBSv&9$D8H^Q zn7Cj3s%`RxV^#m{c~jW$`BPu^rY{Aen5hksJ^wh%^8DPn@0u0VKihg;a@)HjGDjW4 zYjlPAc>a4eptIasVegZotl|G1%6pr>H!sN}Q7Obf?j%Ef@dM0bRrg@ie|A#};sPoE zT|T1x-}cZ!RtYe!o-|0Kw$q0)cqzr@a2MT?j4> zT4KMCwBzP;p5@)aTjYA=_MJPU@?28<0uhS*ESB*6pl_6dJki#65M~QN%Hl+gd|&%- 
zQZQyDM*;72*G!8=M;D}5JoJtK%L?}sgg{|HMV~$JrOJ`mqd~Qs<(WCtShwnKZ?tY- z@*z2-`Xton*w|QT+PVD9~h6h1`-p%7;!b2=v46}?>YVCi6b-o$)xiVf_OJ4C&$3ha39EJK={Ax39*k+j5qr9 zuBvxe)z;Z-FV^r2u$+_*qqmTkKYj7k+g}Kc(@a|~#XX53Lg+%is>L@9g|BjsMKh`R z<{WRDzeaWWOFjQPXsezJN-!rPkW*I|FUtfW!x`pPA2nYWGa100-(J^)d7#$xw5r2c z%<*5&{X2(H4@ym9T3&QGtMd{k2gLi1g@vDD=14mzDZqx6Hk~f%{aIrodQFZl|6zT) zfJ?*inXbNU;@1iB_L@ztwBqBFTvx9<=p{?UABd(k9tvwcAbv@jYtP6dg8Am!$S^kh8w21$z6r`~nUU8*p zuxw&MJB-`Re&v#L5uRfDX${-Zk9xd$k)Q86Gf!M;ae6*|XhHft{q(a_-wQe^o52^! zQ{nVGs}_L-pNPj{mR9ElB9A4fnK^xereo`F(mnNC1-E9XHEHUi~L1V{fZl6SR1#p$SJ=7dt?xDMLRwLWvS$G z$h6T=VfUOV&H+6|@p}?Q@u~ZcAUaSE9BQ{mO=Bsa+X#Kvx6tONCnLk&5}Kbp_i-3+82B4? zMU9d1HvdPRs(*v`bXnN0NF>Bd^F9)wY$doE>ld?FCf7P@j@s>8F*7w2BO;Kc-8-?K z-8wJxibdZ3AQnBkERQ_b5?OD_kQ=o@>A6CmM4x3B+zgLtK9c+grJqb%@rym$Wjdbh zG-bee8$FGnSVbeYzS5kye8uSr3|C%Sjwcqbc{Y*C+}^y=Y<#qDUlOY-?H$Pb;m?m$`~Jy+$TkMZs_* zeIHBfLQiPbrd50V$}=1Eqve|~DAQ}ZvIx$x@<&(rNgh@0=)h9N!BrREXO6uuhHab@ zc2euEeYQbQ2aH&`ocoH{8QNd_UY)1-+B*pj)$v`gHio#YTPOG;EX#Ck+O6hm^`pJc^ z(=l@n?X3dUoaFUO7fnnjxEtQ$V7~`93>>BTZ^{>2jLsy;phD&f?n)HAiMAzezF~TwH!6>QS&($99!OzxNn_?ThI1*-H2q{{Mn93!X7+`#Q;X z=%;qcuDF8Bj+?w}tWBnDaSDa{E^43E)v}_qOcpyEBUw^iqg6pnlTXHtWcZ&6A`QE| z(>SZT(lNxQuUE&+;!W4J;q$1VeMi!W^qBkpT6^ndmP5sYiKJzOk%iQw6%Dh_F)xL$ zmF1n3?KHL%sZ#O|A}zx)nqdY21Z z^SXFt)%I0$I@wN>l}ww zaK}3+Pm_eJM*YwFOT#(saay)oXid32SjqYCHOU(R_x z)Xlt5@0c17_s{^Vt#SEOzq;09%?G1dk#TOz1>6N1Tta=oj%9G`ffHo%(Wh3(CMmld zd;D(KF>RhGVMOxbhoAcXEH}TMN_+bF`Ep7Te*WZLZHqW_u1Gxh_*GY@{8si)EJtpU zr?5_SRVo4nc+#DBEw9S1Up{g3IkCLGUd*v>vqvDiVQ2F0#?M2_F-1GonF)wVQeL!h zRdkMkRpx2O!R(<%f_ImzMdhO@{^N06Niw$^r%Hc#_}J;c3s|r@*U<1|`u5P|eU$dX zzr=bk&z?#1=GqQh={6+ZL3(Qi>3P1hxhtWj{HJxXeTC%XQkgU7IfrV^D)_4%nC%iH zN>hApR!)^(VxKV&C{ELO)ls#+wcPWWsDd^8_{$al@yrZl}!=v+0h8~@<-IwDW$f`D3A>*r~7>*Ae#CbC@0 zyVwmUE@N^dyG9)?V?;z|y2I*~pNmaRrV!CD_b*1@!u+lqd-UtK#Pu$oPgtx=jt_}J zZ6d)-<&^4N08TN=JJ*=7-Y~f4I9{WPYoDOoS^dFmox4K0QO+s6Wv#CNE_v~Rp!XQv zv&?510xcw^v^k&Q=*W(q2=UPmO_McTN#}EDoj5IoTxn&ki|#@aO+roWjzq{PpZ~;sjfL%uL}hP}Ib-DA 
zsM6wM?Hb72~MbsXMb4<1Rb9Y_cW)}!8^D)cJS6GKt6!g zhv7wBW=5<7lPe4%z(l>4E~_cJ+SGtkb?%kbEt6scl0#F4HA+s7UGd`gH_vyliwd%V zb(t&JrhZgHYS+q``*ku=66fn**VA#jV$KJOd=zpk>PDbnR%`PX$tiFx@#ocBv6egc zLd0(m9%k25V+(9D+TGH8r@?UB2d9`)U3`7S;qNfzX^CAO32`Y&@cK#8@8=fVQ<7Lx zekK26RZEkDlmWwqR4z$emUBs;Bo9}JXQUzN`@?0dB>moON8n~f8c5gh>Jhw`_uqS@ z9}q~G2;CaR$*aH|M^&}{nKz|5EBG=FY~znV&O*P4DUaVWd3?zKC(f=XtW{ZHP}Pey ziNb&FKN09?j%7%S>ZJ%ky4U zuRfwVjPmbL!pW{>*Gk#2sX7K;dQM@kY{dEH9j~~EyZ|@-SJVQMz$O!5BirF){t_$q zb~2@t4=bxbHAO-A6V6(r;<&xY#uL*YWN@#X(oY--IymT}r1taP=JzUIlqqcynkz=% z>?}s6{H>$mud=I8u8x>>%2$0h>-l~mGHYO=|5opDUY_H;H-lym*FAUgU@Y0$h}>QE z*R4c8EI24~jOP4QVDH?m{j-`S^SVRJtpE@H99F9Se`$&7wn+nIq5s zcNU=Gth~&^^poWo;%2wd1LMkMf%xQ-1Rv`;-6r|9ore0SsSb}4{2o|eIb)HxQ6awN zeiNM{<1qa18Gv&HRjPkR_aU zAMy0?_&s(l+Ec!lDP~thqY4o!7_Kw5+u<0yHTp6JD<3yA&rTm;6BDD}9EA&g8bBO8 zZ5Bo1(im-z5J`|#8PH{ieZ!A1i|O& zoNl~#toX4gMvZqGOk5Wq?wlX8L7YG@j;URxBP1u&vsfGE4A?@0+C@6$&RZ&lX=gWY zn{c5{OAB^E*9A-!uC!lQce(zitN6?xm5!&R(fh`vjx%;-BD?X*=$F%3_bNKLO}3?* zx3-0^HG6Vd9b%E0y{_p=b|JD9IbR~~XpojYe2tgCUO6Ejo~RQ=aS`Z=WRKjE74VNy znT?b_QqRIkuak5b)6RF)F3!p>A}x?;UZF>n(0OuBh9+gB=YGR=%Hd1D)baPzww2|F zJUNvQMiN->z8%Ic{Uy30nhENu6d!@Egw*ICGY^P!xmnyhl}Q7CE2BzcB?3b>{u%!2 z5_nke*E7%lzNfjxSuHo*H!$M)L&BJ^!dFvQFaIQSpQ!{N*X_b|yL9O=dq1|8k@3738c3CKvvJ-2z872>T~rvLp^E7EJ7cH`+< zeOi5cV7>MTqU7p3qVwZ&&gHe0tk```SexkwXC4!)ACs@HJ;Ak19d17~n_jrCw4Fb+ z8sNE2cv*9jv~Uv1q{}uRzoeh5_dQ@b`EIY-W&H571PamMMefe1(kOQWuX;(zntMrL zN`erDCy#zOSfBPtk7$Mut$bKm?N7nxfPdx#+_O1|VRwT0>y@$(1#KE!N5wp|+nk%@ ztjjU&>?-mBBjNk<-UeCBny8xpP20tnh*tWsIWU&)+;o2SH+={jtrkStX)O6MwK%hU zb{8YXQr0B$rruxxxMF0f{(3~tL|$;Sr)&f& zcU6pnWh*he9Jqix!x7*gKIvP6wHmy`BNgy7vdZ1Aw7|&O?jq?6mb7&$EpYeQB#d_bx zyD$y%s2W3kApqLV3=9kgo+o9brQwZ>X?P(83TC$ zqxSZmLlcd#(<}YHV8s&NhxjNmi1+r`2C*6`< zD!J^v@7JnY;6xnDgH8d;3hg8*Wm!$3fP0NMam>(?r}5?!tJlJEWb0^xY)D`1pJgth zF{$SOGQ_CjyIWx5m|yBz{?Wfr>b>!-M-lZV)Sh(zsakjANS93WM+Bbtj`?BT{>F0njUXqW(Tx%a++kHCES~EfUs`AA1 zO|5HbM1thl*FFZak+Cs!jzGmS5n>0W&_jA|d0FKxFAQ-E*p5~|KW}oift2OH`?v5k 
zVl9dnIsfDgsX~}{Yc!8?Ag%C}r+C(Wwb^5vs}EF~+t|b8BTdW1*iKC(U`e`xYm3*@X#PICvmU`K{Gv_0qI?3h@|u7efhEyb#kjotqJ^y1J{h-|AF3YgDB1by=@dYLfC* zR}#(_LZTl@*_?nSa85BXh8w!PSE`N^g|kkXVeClFqPrUxbjX?WtIiYkwAR5Be{3kv2@EMxY>vI zRUi41f>YaER{O~Vr_`?ohBVlF}>89yV){Y7K(iFoAbAV%P*%FTnytADi=5_mb6OO? zBU=8cf5x%J(S2+J0{t4ca3THFX~uT-+!9vZc&SR4AW3QNDQ8vk#ea3Z2;`dis<8Sl zeWEtK$V;gMTMN~C_V;VtO$ypbx8u?%zu2^z{VHR>tH>uYSan9{U~050wa{{(*w~02 z3uq!Dnj(%6T~#(SA_*aO{`I-oY>0n5JnQuRdf(9UWhcVdTmRzsE7#PS!Q1Bhjz^h| z-7qK|${VuRW5Wmb@|ktz-y!`iD}3IH*jc_DxD@lY+j(f~s7foRt+%$_*J|O;h6<_u zM(-1&E(gw3BEQ_FzWhvx#cxg%81xH%^h*Iq<+Qft6 zm4^fU-{bt#CJG;zPpxht6KI}`T6*$Dmw^=SJ;a0+A>XRlM zyUdtav@iK`OLyLzGC)di%HPMXf34y12& z_$T?^rg34B?aVKwy=~u*jeVUbV#$@zUroLzD z+{T~JV_Q2O8dfixrSQ1-n5Hl4PQet?ObI@XRp!p&JOOd~nzI&x9we0;qkhMgnd`^6 zbzsuQ@ifc)G0uqK$MtD5ArrzYJC&5Ls~v{|199BXG6S7)75gjCr{J{$J^IpY_k}zCVAeEwSMcn+ARByV^UcbLX ztkuj!CAW-wBCR#kQP>F9qtz2O5B;l2$?OF%6f-v z*?VMfNeD?1LMW0l<7Dq7l~si75JL8z{jOJiKR=K6AKv1e*SYWexv%TG-*!zlyx|fm zq|o{(#KBdyYh;dcSK`L(z!zK>#4T6fm$D2cGq32F&b_yuOWH1cHuQxUKS>LJJZP~e z{(4^n%l1AMiCO>UkEcGrxDxX%M%n)SB^8TBI*zreTb?7|BbR!gHv}|_IDM*n>ZTT| zV6bD3U6O8TWO?rEWhtTNPkOg}T@$aI&-Br&KF;-C;^g{lX<2!X+}raa z*<=8a$EXSThD>S^kJvsfXD$_ttaQxppjmjeYArAAl2Bde<&k-&Gj&pb+nw3F zN(QD<66-oYoU5Cjs!GUY7YA$H;%7e8yYqZ}|IHeQYuq z?4f%hGh7X8M|#FxB5p+J7$&|A)^Iqv=TI+sQ+%(&D4X0KHc9(;^{hIgv#qBa3*)7t zSLg+zP778(t7(0g>>4*v5NCWj|LDRp-t1*_aQ?F+yB{B^meOfKhu@o!ID44J+JTU zrJFv?G$UnS_~}s+Z>}Eep3a)FRP@^_b|qwW=}c~PVq=;f<5oD%a;9>gpu6REDl>ZMtkPDn<-Yr)QF6Xaf_(-}vTj z`S&WRR-%a}jD9&DqVWwtenUP&CKL>Rq~8GD58Ee<7JlUZzqfd1#i<}jwJD~~4`6f* z{xH;gmcqH)-v@+4?i%P7pyh#~6CitEErg`sknmXB?@VsUrl>lwYY_hiHa$rAJev7X z>nR_afjj`JB48GB^YVtr#*Q7_4cVkRqnQUK8~#4p=H9TSS0a-ULS%?40?x^jL#xB0w6(_68YlhXe_Wj@);G&mt+6uF$JsOS^u1oTg#^ujr@u(SmD zLXl2-bKu|A+D`pO<1h)LFI)~%U;CB*<)T6CAR z$kiBa(|E1)rp@Bj$fZA5K)~_Sy_wfxJ#5^$6Yz9Eaad^M~+NhIY@bqArZJwHG!tI>Z7{QD>wN zF{3LX=l)>7xi^KNd4g^ORG!9i0d*qY2VxEc zBEHKC=zbiDGpyzKI^op=svi1Np=^ra@A#g3o0FqUZUd|s5KsICunvF6jvr+`yk?3; zW9v0UOL3UM3qsYCH#iZO8Y`uaYAgPNO< 
zj!DjTd@jzs96Fn|PzvQ5kV=roa_rw%Qs=Aj)Kx`!Ut~=c9z`yBFOEfydewj}w8Xx5 zb>(E=FU;r(=r1+QEL#@^ZiW{ObwD?!F#@0Y877Yj=p(iOC{SgLk^-@_Ds3$J%Qmnk z|4Q9p=FvIP%;IUvj*bp=0tz$-K~ybo?rFvw5xNloqyRPdrnFQJL;~c9Fu=sGZ|(?J z^5GN`F-{GP5)G!0TsJbnwygr^0$hNWiQF~|^|QVmW2IJtCd?shGWnW35s{GueHmQX z=P(&O%}Z1K)Icql!b>KU;90?9fo;MFH-}uJ%B@FkvnlEV$p|LaX3=L`FuwA;YJ8l> zYxa`YdqO6HAaxcN7JhMvwJm^_lnSdRXE=b|ku}o5fkHpVM&wP$m`OA!11cXn`KU&p zTanuy8b;mFcG(i&K!E09+M_dd$Br1$r)y^>ri`4}#zLKdBPd+9 zBwMV_3moG2F-N$W-Tsw@abu1}4$PT#R98YT{3TD>YvpAKD=UL80(i$^8Cnnmy1TVO z*b<5f#t{Iim|(KT)E$wb?X~&7UnFJ%AP4URQfmoI?Lza?%urizNXb)MltZz>>o2d=VUbuq$xf32gGdAl__1sv^r)4PD*bzzJ(9?<`TgJufaL#Wwt|_5qXo%=P`1$qqrMMgj*wia z1ot(lY53<tyU^u}G!@m_3)qupjV>87O1-jcYRCIMQQ7I{)ci0ZrGG%BM z+^I7no3Ve+u7&zwY;0_KGk5(Ol<|P?YqN*|KM>gFP_{i(TfqS- z4!$&GV$Nx397vXn#i{z*(qh!bSofN&m-P{g1iah3{;A3D`XP!ukuC$_Hzr+6;Gw4Q zfc*`$1mgoLb@ zmlV8JT4p9tsWPCzsHbORM}SGd=Y&%P(}_?Z2u%3W(((bo9Qcjm*+v4_2{+du^+$X| zX36~i6DLl9^>=Ijw;Ir%Fac0boXS?T?o_a1CkXSYtCPj)gK$EBUsVtR*bBJuB%VMc z?tuaGFMC?|}Hf@cJx z0RY?p-{V6OqC^N?fTj?1eGtsy(|IC;6iC?FUT9wQ;RV>Du3=}>3_0;cEglnVKDufV zp9X9R9Rb)3&i#OG8|SfzI-{iz!ll3!;gJYMxm8aoLKVPImnQh)X=n-{_<*l8`EDn# zs!tUnoVfykm8x1=RaSZAzg&p{NS^4~*w7Sp$w3Pbi2kZEM-89WOLYhzY3BMsl><2m z=_%}`o|99g&o*j+3Ze92=;3ilE#kD}Z$`KI-&tErv5{cT0WNQ9YMOP&-R@0%%>cm_ z0!)t}B+bt|YJ1EnL-Y#JPHZJWDA;7sKj2J|4FKZUFjP4@2h#_Cx1!gEAaYPu{($xa z9NYXvPeV%!J>l};@WoetlRswH0zK=pHrEQ~5@s3Xl9DQKOaKv`33S8E%!$I=D$dSbCJZGp^$_XuW0S!#Buwb~ zYo!foUjq_INM?RJu6W#_N6UtI5-i42y;JFVappXpXD}^5Oz{vlBG*9nj4*5mSWr!^ zf{zL(*91%PGUAl1zJtTQl+8ZCy9+|_4Uc@Zh99vI;n~&I6+|qMJOQe7Ug&a) z0=gY`3P#07eE3>dV)!6>vp3fduXjY$N;%A@7iv$ACBk?Mf&Uz`5_C^qpK;Be;Hu z4a>`-d-v|ev7doN6o@xqu>+L@gT|7TT5qa?(gQ>ykST#RV+Unb>>&_Sy_REk`c&?@TTC`!AvtUcs3BAFVKjyrK4Zo0@n=~ zMmVJnE$s#~73$pdPyyXcv2j#8v|%W{VhC9QtWbRF{azyJfwl|CsDkU*OTRd-^L>Axw*wy2$^fu zV1*Dn2_J53oV@QXH8r&W7DORAUTaCXP6La7oGl$_kbX4HdleP2u=!t0qGwcArv>DL5e5DIl_)(gZ_K{ z_*70YG8P0>8;96%Fp?b|kgr~ z+iURD``P(<5V(myKuTL*FDE1{3@R-Sg+@|5DjX>P 
z!5^TG1P>oh&t~$+S!9I3xFg0Pq=S={?^^OtX$-Xp2(3``g&GaYNxTqT9+b_@DGQU5 zh%zus6_hF>fx$z8l!&uK#7~&>qsyurJ43nm{^z&!9>H*6k0O; zQ5X=ufuGo79)6`t{o;l<*k!Dx)a-ewySj|4%b9;fLFOfIRjf0Dq;Mr(c5G}6=MMNu zFld2%$2{mFM&SKZ#6keq4zb>HL?pmSkt1buBOX9j0D#Yy)>fD#@f=tHkl0~iAQ8*I zH61#e3mZmULOPBiB>k1U%X&gO#$J|`#Ky%j=jP^aNXw}+nqT#F_uRSQHysZ2t8uUVe-8(%bIi%z zWiH5`%_V#bGRE4e?M}4#CuP)~`Y*4@qCWWLCqp#|`w~{{<|ZaDF-M0a=)cznTH=Orn$ zu79Vx|2e!71RVJo(X{x|(-YD({6c{QCH6GMUZjK&Q9$K^&xphcZ6$C|(iD@J6k0|d z3X6(%Z1q7d3Q3mlZEXZsMK8;wiw+NSzq%jZ7`Ym369EIM8Q}~0nUKMw{IL)UN=bQ@ zVisJQmz#@LJ4_5DN945#b~qSBMNA*m)iSfZ*7?h&3@SpXP8hVEy|IQkDpq+N(Fp=n zoANrKoM~id*QB1RM4|)XWeXwLwz%erT%rI;6S$-(x=C~i_;|1y5HfPq19)$I`5zV_ z7?Kn{6DW2NVW30wH0SNJ%*+sQy<10fD83=RK|n&J!uF%wAR>x`gW9Pp3u7IZumvzN z)Xb_;-pJSB;9)){f`J`lMxf_HpIn?dIVq_sdcM7@t7_PupP%2BL%!zFg5pBt0+_L2 zKM`3b{5U|t2%Z)~2k@-p<5mz0iIu}->$LqZ8Z9j?#P-8A{0-tWRNxEi!omL@AI}EA z6ja`WyPMkE13{4aY696fq(~J;WJMAkXzz${uoWqXM`4oaPdR;hK*fB_W^x81WHknvkdzrkX zwf@;TT3C;^1xl~q9eE*8fQJ_cqZ(B_dzh}3Rehmf)36`{9=rn13iPze{CRB_E$TyV zi1Em%2nr0W3f&lF0_NuCSPk?89GKPB)lq_}_$jtJfD0{$WW3b@B&alp_b8swcI6Wg zfNEj_ObLGA(xq+4m=uS=XhuRPg zO1jK7U6#2i#c_vc+kZF~p>Jr2ED8*d1X4?-E+Jf*R#I^8G z*aQ?2qqy9f>uLa(a3?3yI}ca@Q{xVQY7S z2TepDC2Q-|I17E+CbTY+RS)*`gY z8x~<6YYAZ!m^JbqbOCX0kjpf-wD|Q*EK@K(QiH7NY>{(}eE=z}0bYOw2mdwV;MWMXuk9oOI66k?M;H=S2FU+#^Z^%$ z*TlBBI84|UWb9n6U6BK^2mOn`Vu`vCqJs~FLwI!g=cD$;c~U{!8Ab5z{nYl>b~Y!Q z?uW4;z@`hYzA*h|ZqB=v!h6*5LHF(uJ>3aHgcJg`kitPC!YIt)C`>jguQSxnsIq-kG#jo_57}JHxJUC$;&e< zYvOCOO)71q{6eA3)YPk;m$vjCy?176*ha>-BLxqOVu+2y+ulR#ooy)-tn zbm65AjpT=~h zp}dY9C@wB;TWM8ytRUKosA-Ax1i3CEBlZs|E|P+9-aDydO|?B_wWscAfWU(b#U!bx zC#0n0oCRM6dJr(TmIqhtD(@8RsdZO4eQ-DN=K7sRWRG7fkS8PO=bMC|IXN0$sL5k~ zJ3A)_4W#!I3sN-Zr&#C^MSc}pHUGCtLIr>;0$>5?jOs}=d%WkPqGw>h0}f_YGyfBG z0H^p~vm-93P)+(!yHZ%$`=(GX%7@SHOawxO@1Mc4sMxD;SA`j{yEHcssEnv`AF0Vc zwE~%E%r8{@kC9_vEJ>gEK{8OcK{=1#X*p;;TYS^=t2WvUkA=>p zs`4CkU(!Vb(LGQ(zJsigT|hn=b&cW%*%?t9+kXrzH>x@v6V5Gul ztU~+fi(p;5Rsp(*$e-ae;RaBOKQwG>56DG>6+d(=ibVl}Pnk|DX4HGLsB7JW#q3@4 
z*G1&e=%YdP2|Y;fm!`xZ>M|Q4a4~ETQaSW;L8M0thdf)Q^)8yFNUcy9gEoi!Nliy5 zZ{#tK09*%_5~;I>ju%*Tqi#g<{8|Yzm~TJtG~{PWC6NnKUChmEQicjJKtLluJ$;v2 zM0!0fPvq$HGApSaWDYwprj$6HjHU^O&B9=t<-`<{(ld}(19np7ymMe#6ABTc+ zvzc;xPmeqbT1Q8Ew9_!GK-o?hEg}F~Bxq1#_JR=;d?32LL~{qOq~fN+Y(q&o<6_Nv@BMKTfLXIl8(UxbZa}bE(a6qvl5@xiAuo0Lfyv@r)cL&xT9K0**zI6Ur zY0rn}mpBull$x&B2s>5LNQYQvQ**Q7zW;Xnp2N>kE#l*6^UR|`g325I1aXT*mp$_K zRE#WAWRxywI;kGgMu~_*PUYE?D@n+|j4}5@PZh;-xQw8{6Qdel*`_q+1f-__M8?w2 zrDIi8#7HOC7N<~cV@iW|5{PrCw(%)bTfVoqM=NKOV&xzzpC03Ycf7(p_WQT0VIVqr z=?ixnhV;$MKBv5f(@LKvmYP`2l78rNe>5UPOZwdNhsw2`+)6r`#1%s*(UFbbY`&>P zM@&levYs?&$Uj{OiL5g^eX9>T>KhS9=cMD~ix-%8~6ri~OsJ zs_$amgG+cPB~HUS3cLk0>6)6F;9Lj|4kji-y{K`fBS(bRlzL_P_v8)y%sETCj_(8}9?5b7SpB1rj%W zK9nOs-$vH>a@VLFNVXBNXqJWC4PrUOe$xF5Qc`fb3Gq8VMnFz58p8Qg={hH%dNKsA z8Z|~JWv^{U9hTz)&$Z`d6{S>(v( zhae~OVRTMCXQXx^V5$3La+DSi1C9yoJ253i*k~sy9T=g3k)sTGN~fO>OOqtqy1l zHas6KZ0?&1;D~$EuGelML?_(~t0u-RNIs{~S0|*9i1ru~1$YSP&)T8?0yn-`Yb;rb z284Cl8gZWwAtj4FgbF~_DOZLkyAIcm>mvIgj_KCtE}24+Oknn7_Uj-k^LOBv;bM2C zjgQJe4P65yq>6M^Df(i_1NRLIncp18a0JQQ$Xwy6ux}k5L9L@8Ny8bNT3cU=FhnY# z9F~Qtq+?OKdXdqZZb4PN21o*2E73N_ae)9AzHxG5kXA&RPXrG0{ZLSc`v!I$EiTla|HOY$ z-%|cW4=MWPp6#2F-Vk&4!`8V!1VTI0Bh*ECfMIG}T^&Cpgm@cDQyFz$qltKtZEz8Hq5`CED;_cB0LO%Xn;bXhV zx27hao(aOwz<28C#5-j4j#v%du5)d^*sl{%v$fwG?~UxHg2x#)v{-{`jyK?~kp5>sQKVbSrD z<_td)enrjlMBO#Z*Gk#0aZXN7cIY6X9!dJ|(?|hkozSa6zz9bVEAi_YMLMwQks@Q~ z&36ssb70j`l|Y2ty@&eMgt4&g_^wJ!h}As4oRY1y%0t_dXp-95g`rGB&`amxz;VJ1 z05W4}kQ(rt?)nf^bp)#cr7Kh%_(iM$ssXfcV(N^V6N-d-Q6#3_Zn8McgzoR~a8_KH z(c#}{Vj?8`n}~Fbw1amG*)P=XYCdvWtpG*&S595-n(*!D$5Dx4VbQQzX%7kE%(r~- zicKa#fut&NxXzT1JmX#2n{U;<;z`Q4+*%%(z$$~@XC`XUij*Ob(_j=jJ z^R?EQ(QoR@ww-zEHXW;7F+-ngDOyJzQa6R1p2T6o0G&++VF_BVDyg^%&atTLGe4|! 
z)O+)dhA5X4PpVDg7-X9=#3lw;YC36}fd}d5qpBP^Wv=~x&b2FAP9UUuReh$=?TJr_ z#)-nG*VvcZTT3q@sT{T^8tkfSQE2iZw_KXfD?`tQXou-nKOklf$QB8$Yb-Y;UtoKL zoD(5rAn6f}wh=oAhf9C3FlH)vIxf3eC`SW)_iJp7C|e-`CNCe7qdg80c&}Ft&0~(K zL*2DhoPl~;Gx!9B*4l1$!ZEV&_u1S!PIVm?xuZr~YmNO~Jfa&Yv|7{k`5V$thuM#< zm0zQOvcNp!LUCgo*-uxsfpsQYSom91Yq3kMk?v3ba8ka;j-Zdp6Pe!Ki6e~R143OW+oPHR+$;o*yQKdPhhOQn7e%vD zr3WG^>GyA8K-MIPcgf*ttmTU;QuRH+Q8+Cgec_q&kh|tH6G!8v3$bdy9mR@@iqI$k z#0WF4N}!R_Rgl_43Eu_-TjUk#w-vZc_igUgCTdV9x1;BSf^u%bNM-9{IgdePje}Oh zbVLOG=$|etVWbr;@jX4F*CPzkT9BGtyJj?hnPzkE*;`HC38%HxUn>!@8txs2X?`Ug zI+$ow!j6SD1BlhR6SyGsi5|JoZ$6tZEqtg-t7!Mhn7Zuz{Cf>UgfQgHQrdo7=8$Uj zpkvz!j?d`Bjpj~^{+3^g6!9rq>RZLCG*c}yv^=HAzls>|?Yv`?+%>BOUOk<3#h4?Z z0@T!o%+DwJRc z4je$r=zeoV11sT3ut+-7^fFF!LxUo?DvBss&5Y<>l-)Es+Wkq%`K zgn>S06W8v!yLVE4#tjYr=tIIF;eX+-(J_TC9a`!r^N@ESQzxchD046jK${TlEqFfo zapcc{L%?qnS$shOA#x7`KvQOp6751Ln50@<0Sd{?Jp+rmYh&%%LbbxHSZKMTq}Rqk zC;_UJlHz%Dtu|*%QC$NAP8LJ$v6Glqq3?(fns%oRVGa{+G*(U}SE2T3>98(=^7u)}|Ei9`*6elKu>`OZ^EP~xJm!Y0!PMRa@; zbnGyBy&U=;*~&&hJpkZ9g^bz|)}<=(2^nCzYaGCSPK_rlw>)MWKJRm3rl(d^{5Inp z)?GfzqZKMwUmXr%LIhDoQ`1i)Uvx9bJoG_$e-tcO94L==c0O%>UH!YF8_h2Cl_AE6 z9;~S;)TC*swxU_rQg{igz)Hi)NJYDSGchFpJcW#$Uqs|ymlY;BrFMz4d4WjrNgm79U{#oe3oYXl}0u}Pfxj)z?S0N zr)5%&Gt>-nOG>&pOS{ne5@$x=T-`wz9W5YjFcnLcMr!#|m0R6>i%-R~If1%54xyMj zvl>$?1Dr@C_85ntp^SbfDoQlVRGvY@5YmnCh1WA%G3-KGjhqLb0&$m>1~sZ)UWfEB z3m%U2T0MQg5pTP>7#Zd~y;R)%U?R-w@}5|=yB%lkja&pFE_OPjtBqT8LRV_xo&Vlg zwehDhW3@-(vatyZPqw?`aCAso3C!eNc=it&%IZ!cY=A(oZfCjjKV;@Re_HQ^zdyS( z`8@5+SIuIQE@-?rlahpQ65s;ErBI{+9#4h$d~ zGR4160A3R9WtYAH4&-$h>}3u9L)`Xmw7=@D2ebe*hB1hNKFCK@DVP->6nCaUZGFJH zxPrKZAWU8o+kk#~XMld$gY6etWc!Mx3f~ua33gr{+Kxqj3c_IB+&vU+(u%~*S(x%w zB6|BsE&3q#qCh5W#nUqmu+g50vg_5Jhi>&d3kJ-ro6rueeLYrR!rH0bs#3DVhtRm+ z&-*XI5PwDBgaAsy^cVRWd^ze-KqnxLR@C(%V>EtM`7clxrqU(5uT#jJ8&{?x>jy>? 
z1vtP3NChC$2k!>gfK>gd9LJoimW2`A5@5H^8@guq14aQz2vIgs`r^+R{k+i!#ZZLO zmq2YZr=EM-ch2#%aE?$D}-yh!-SqRyBYn(+^FQ8(rKVpPLf#VL%En>n& zRzsqKCN#upQuKVF7?4|g}qKdz0+ z*)e1_UmF_{ZVsNdy^D~C#5_lR%#kJa->I^RDUl+T<;Ko%nDw^)716@%+!mz|h8LPV zK}S0N?`U}w2;tN=iz7As$Yhqu|92*TtXyD{zK$pQYH}~<=>PrhBl)L_f&m-;?>O|@ zc2G$FAB4HrR_hrlH(}?$Uu1uzNcVTyXe7T`w$&aX7M_~Fa>JM#*({swaFF4`oelTS z5HI6=VR$Ru=zjA8cJn1s-$HNQ+dVvA_q}b}^R_pu=7`8u$r95znVvOQ3;e)KPSX4+G+2vbdGr+ z)kl@+G{cx{$!4n`Momkntl}Evw=P}{@g1ga8=t#MbGK+DVv{uaz||6MOfqoCj>^iP zHn$m@)AdE&GuM?%Cfwr3$rJ6zc(b|HA_kVq6rav)@AWIU zk;&H`FBjm`JjWyKd@oES$nrN^u7!El{J_EC-z%rPJY0JsQ=+AQW~k;Gp2$tJd$BAo zFO@52t-PjEGBL4sqDM!$>H0T^eGV#|m*_cHdw7qzEL+3{QhNH|WxIDUnro)(x|*lR z&mUn$6rJ6=TYiKO(|WDFOX(8@G^Hf1&*E2eWQI-dz7a)%}nCgNgY1tcR~>#1^(Z^5*^H z_VoJ9zWFq}Y~wF7{?+%=UOkol=4?f(7T*2xNlo*T{6q*Jjo@f&1?NkJ>&}DM;;fnL zZA6t5pWp7`o-SACD05GZl4+Bg_Q1T}h(=D933i@A5w z=9CVs+)p_3&5(7()7lTz^kYwf*{~d4Q)wfo}6g znNYOG2wiT3rgVoM+~;-;b&rXl*@vH3*wxG?-(3j!r0SbM5m;_`Vmg7+D(vF}X0ezA zquQ+!tNEb;`wZ6y!|9|Tm=dWlGKw`P*1?oZ8aGA-@9I$gD`axuM8!=t30GMPQqebhNZ z%1ub_`4MtKt9LUSU!g+p)rJpI4MK~RE9c)9%w^o- zR5P!;JS`$m>R1P=E=oz!Ja01od9_EUPd@I!)DX)(o2D&PvWH?v1Gu86HlM{6%(%0o ztqG8XIwtG5wm@+mYYxOPA&5C9y=}aUwOaaO~IY7BA=KYzo&5g zGu>y(co>Iv?+<=}4&v^2*b>^eH{)I?%aVT~sej8zWM8q^zJRq>^)*L7qo%@0Rt+ z=k%USMhzOCMjx$yggI@CI`K)|#Jn=aGF@Jx^VSpQa$ z4NpFQTdHJvzxbh7Fx_fXe2MVAv%Ef9Q`vup&@$ilC*WZ*^g?1#)4o>A(8XMnD^;bjMoah$U#RzYD8kv{h_)19WO7^>({^311fyoUQl00u+ zRir5=1s;5QeCkredy-(i4Ck*j%@oRmu_q2U8%nwc#k}cXy{e=5m5q;WqvsSmwVX`3 zRYd-uQ$D@tW|w5$oyjo_)q%z0T74}-Ts-7)Ep1D8Ymo*enZYnIck%2NnI@HAGf|5^ zD?azRm7RMnymj)c&Sy5*TT-hGh1#gHT{Px;Md3c{$WrFw&$4Huw1jYo@Qs((qz75F z>n0nO9!a^q@;z0N$E=gcHmOlWaWI-^X6(6m(ek0y#w|jRL`72{<)z#ywK)IvCLiwW zbOt~f*XOCGs}L|=CZ-A#!M=qR%s0@!$DDerk8YL9h18Tl(vG(xRKI^`?RC)ZZqR+a z`M1h&w!i_0Za4mYQN#9!k`)c~zq@zaU1H#*s^aQwu}bXmvhwDWpi`>DKECvMRPWzRpA5$(C0 zCa9DWoX2c^c7rm_!)Ci~nb>CkF7D7wPHu+%)~-A^u78X)JQ#ZWx-g~6E~}usVkRGk z1#N6HY8m3?C&L*cT&&V2*?kn~&OYWzCrx>8+@>LBaZv4*jX|lq!*1lZ6}4kWra>gj0Vq1iNG3-;d0{lVMsywMAO-r*-jjx8d)L 
zk9tbD&eR+zZm^5mUv(~4GILLec5OCiL1sgR0EeCXjDlaRgyXW#%>I^r;c#?)AKjy< zEp5LJG?xUV`s#G{8EF)4k@mJdpQIXol4A5o#7yyRilN6`pqac_)k~K7`EoZGZ(aCz z;p=*N+8fjD4%xN&>47ygu|S3tKjDLbp(AcEL+2H^K0Q9h@7absG4XkFjh!?6bIM7^ zOscNb{QZ1aDPj`o{q&UML}L>vS8JXN^6na1N;>2@-t()k=Yi3pzsGR{>46z)zv0=Z z0`wf$PnE7FZvHdTZO9k!qK3ai)bh!$p+XV5RLUO7s7liI&Njo!=Rww)CQ3I++5@wC zzW>P{{w-)@7ZXlxX=CfyT`e^xKaH^SJ*VEcij|K(bGok5)N1_gRI1qO@?ypjEAu>C zjgh~fG^YJ$SZ^ngkRhYWM%|5J zfK|Z&nkx;vTJqJF|ELv*Q{a88g5+@o~Z5U3o z+1ujzgU;I!11Fz0YtFp8?^?#oNuQ?E>%+~0=Retr2JB8OFIn5|IUvNlW=X%kTr9)b9M?X@4L&53KP8&i5}5dOAJ?h| z7e?wP?ae*#y~}(kAkp;V#h}hIu5ym?*`|4Q#?vGG(@B>!Xrvb>E@dl?a)$f86F9oX zvzMJ($J1+Pj^F1p=9(-e^f#}PIDgjgAC7r{bX3dP()GJbQlo-WoJhn#O~ZRQ@$v2- zY(MyHT%Ug~J6LaH@e)P2QNSg~Wk#x~lQISe%9mXkqJ1Ch!mFkF*&*k%{Bl}A4M2a4Yb$Y*#>(42T`KUUhT#L4ZwUVzUY2P`A zg!Mw}9aLlnM-N8vHjN43x+T)2&GgT!SwB8+~)p2LNf1c(I<7Q8f8@C^>B_G&u z_BMz7z+wzTL|da-FE#V_{w9e4uKj9?@TeazysqG|T9}%QjvrxD-$ff=Tv;7b|MRj6 zot0%yUv6>t2D<#5y3dD796jCH8(P;T>Sy$&$H(lZ0}g4oce-knH9x2$O_DV_YhR?U zE<|2`RzAc`*)&u%`MrMVfB`4}*_c=Uu?`vL-H)Ds=l%~J;h{ClQsYB zm~=?eBEs(Q-JOTGQ_!l!#k=|K4f5LM*MIYI1zWbNlFRh_)Pu3#Ylb`iFnF4ea!jgq zPIP_xrAeQ#VPURqsc9i+vZF`+2f0V<0?m)ey!CIY_eFNCuCEucwJY zJ}Hx4;*IAfwxo1&gere_2+uiOqb%xrC^p>txmxkGTuSJTpj+R6a_p6soGCfRzE@dt z<>pS7_Mh)`X%)LKZjh(hEXUz5qP5KORMnHImYpW{8ReIc{n^`8Q<9c4Fa3#ocJw`m z_41;d^F`6fpbg@M9|9&TNW=l~n(UJP;jTXwOe+#diHm8fSR`^Tzc>9E!V)|=={htJ z@MuJH?}f9hH-!~Axwv19TDz8ZDg-2tFluwzx=PHnZS`_v4X)&#=Aia#Ycw+C(dv(< zHePC9XLEAwSWJqMc(N+Da8vTQIyVeJN4PW*tug`v^ zU(XYBe=E8xzwU^3s(poj^$}ar)Wks@*Bx}vtZv&f2bvaoY;x}{<((8Ok~&`++OHGx zhuUanXX~<(1CRHm7Llc(>ICOB+OmaM>Gdgv~z!xq2M>iT>0u3x)*$>Hd& zX4Zf=$vtxK*{7_l1&Rfg8{=w}4A<9h2KLV!b9~$Joo4;D;^=~m-_#HpFFRTGXY}AiSyfO6`^iGp!I(?gR2R72Es8?Q4;0IVl30&C zOn(|56Z-n&$5*OU6omq}4EwU~x!V_oL=Jvl9Sf2fA9naMR^S|cCb_13Lh7IqNkzZh z%k!5D|Mj5>?JIhxuCD%0XXal1F{(M#Y2&B&?f9+M{T%Y~^)n1oYA+qXdYT`(V|I~V z&p>VK*};tYj-`;iRZ)5Q)$OTY-&IO1Oj#S3*6B?Ap=@)fh_5_f72K%5O`rwCr=5*k#-E%*S5FFR114_Ir%4k6&ExXrsxLEBAgK$u!bg_osM? 
z0n@L{_~jexeMwUKM~eppxoH&&E2%P)QGi4fm=r$ zkLoNd+;y`*dP_MWW%BpsINsGCno<*gY@BXubfkZ;J#ziEDDQ)P&eIp@eKwbsaa;%) zO4feyrn1~C|5KfDY03LciIWW;qp`I~BL|;wPmzTS3KE+fcQsra(qoifoK)c@yxW@D z{vx%Xd5+tLr}y)^_^EhDU5ov*+P}HS^Hg1f#jTm3j$%gpOSkKHmG3epQBqJX%G$dH zTXXr&TvW1PdmO{0?dq2pwrw$CcIZW_%jXGak1zsUYk{;W{^nZc7rU+DVK47Kl4L7i3F z#XWmo9p@~|Zmx-6cYA7G99>~byEMI$Ab5;6@+!Z7a?RrrN)_^Z+p{lKZ)7oUfqO-p z<-$|pPNl+>Uvo@LvvD+YexIev9vg_N^-FahGBA!DOIS`mr8Y3|npS6Nil2A)fU`|l zP(vq6i>vqOFU^U|#Lcmi)KbkCEL6@26E`q%(g&gWKbfoiRrXNT)ry;ZH?vfEmgXWq z52$Egy>t6)aq*=ug9AUO!D#YVOXIe+>E)A(^7M{+cjWTLS9B(G_LEaFUf~j2PDdzR zUspB{c4g!hGjP9To|)A^_|5COE1MR_ZQ_jO2Sgsd zN}#+c5THtx(DFRBU4dvlO*ua*b3Ob?M~cOmO}U>TcWJR?iid|VMKTcur>4$uXiOMN9O=BNIls@Ej}c%~uqjx#g98b2 z5we>nbw=p!gNiJk*)ubT2DJEh4{FKONZi`c|E=*>N{VY3sH;I^w<(*eX`|+x=!@(7nntInP5$Lit`_Dl)sq#TqVK z*y@z|$XhH3#HBqVeV$#(Y?S#`Y<_oatLKsmuUOGov7p+|$!k$r7s9JFeTJ_cQrr+m zqRGC}*=aQ}xch*Zn?>4=U)mR95A1!e$&;Fra-?S3B?M^SzYtk{p%@5uK>A$dAo_iA zt|Q06PyjpuW1agKkK%GNW#zWFrhCm>Gnxx?1;z3=;1dHWAIes8^wEUyw3UB0@5S@s zr^5~!7Ce1_BzkztaZmP^?k4^GJuZnNt8NnGqOE?y4^{^5ve+s6Hf2$s*nRX6^U=l* zO@7~$cdFTbpIE>23!Ho;n*6+V?37-~Z4TSRJvR^E;2064ExBu^9$V8Ndw(s7KQ==k zK0Pe;`1adP+_Vl%v-Wq)KZ;pyPO#Ixpvd<3(%4%f2k~fBTQ`NW#WMJn_IwjOGLXmwrC29Gwq(Fe7@SH$8S2Mfazr^D4 z7_chvPH;02rlEjWfEEm?h>B+uZ=u5Z_e45gf@M%Wq!TtM~ExmD?s5s;XmuKvc2a~SLT?K*(A3$9;G zb@&Zi`1f_=Q4K%cmb1Vs=?d;|%fEFL143wufX4%D(q9y}MNergz!(N<7ZvFwR@1MD2Q8Saab`{{)ae&AVY*<*X3`xJdOBLOVZ4J{#|et!?;j3 z&?BpHqtoQ|quHw5Bfi}Kdz#dzPA{}TtZp`&6Zd(eHuk@FOC%S%R3GuT7Nm0EO#s=B z_^O|)C`#~4Kj8nrKW=3a*6etUTX%p!xS03|lsw4Ebd;8UH6b7&&lR2l9-P;)7I!c? 
zB?S#*@aPF*QA6p1YZ6c+Vq#Z;c!7vdd%Nq`1#mV2YsOq1lTEE~{phGD>=|&hzHBlR z%TAiRL3syD>w@Bo#Kit+=9(fvDdB3s=-Uib?Sk}#%WX_qx#^F_)b&j{gF>O2-r^*F z5ySk~uaDOn2>?;a80_lRn<@>wC}05pXhm|#Gg^NhV0H(*0xno7Gw_!=@(92mG%ukK z1E32tGjZ?WZvUP+{cm4gxRjJVIs_{Q?SS!6_0xN;)CblDu90IZ>Z%97ysgwj475Q8 z_mGO4#QnCfm1wH$f-QJ*6u=N1lZd=}J@A!!Ix&#{WN?ILJ1~lwzh#pr3;V zpf9)|iX%YRX->@*{f9ZS`;b`ASvqOZta#df2=5QZTp1V+3yb^U;|N)GI#>Di;S!oQ z3wjt*(ti*Xt1+`)mKzK`fP(zA^CTL;E9K`#8R+D}shZG3REG&tjBVRcN8v~vOOl$z9;3Ucc z@RN`TX59_|1hyJ+2WT=vZm2*L_yT~PaeF2!&Gs+t?N>O%_1xWol<}@JI(l$7m|p08 zDk}rd0jgV?3Kt-SmHyPYZvGk=W_g{qJK@Sf=};iiVK0W5_(iQRDk}pijD~jSt?EM{ zyiVc@9a^fbz>5HFwecpo4ec?EssWP(ycfbt&1OKdN8mi+0O7>_<1yi50SIHc3VsA; z&Wu!B@sV*ri93q9>A`1f60ZV0k)S+YW3SvMIk^$@wNn#)uvYvSS6X9+4v^U2OHKb` zL0cZ(YTdjJXd_U3$xu5>LnHkN zV0;31i(w7c0D^95Dx)dd_V7I5F%3Kr8-JFZyiHjdA^{wcHL%J+0DIisHH&%xt1}`; zf%Dij45k&97<|Bc2_Nx%n>h<)4B_HK~FhDK8p?4`3l8AIwTSF1>nT~lAHRo@7ElN!W~8+(c=Em*auIpp*9?%OZF{-2)c#cIwprU_cPCvA`O{{7G%*MC%x?{>PjvZaoM28~#xx zH5}u6eo4vtOOn%jaCmT_A#`3|e%nzF7!U|Kwda^a#Q^CaaPLOsC3R}=dWZMBPC=pR zoXA0=nZY`Xj@)2?#rMjKS3s@4oo1y zY4Sty0HcV7@h;G!B+vyVnEtp^5UNhwa6X6weDdU3d^k}0qaQJB-;B#FjX|OWdaUjV zE@6FVmebhX{Q%t8@GGW=C(UvKaY%8gv?5(wu4RlBN&D_g?`BZr9~=_PABfOcoRRut zM|9M2Pvny)PrejxcM)gq{eUSMfYXJ?9zw}qomsFu{U|?_;xRqEC&k(Bs zWrOu^J_{QLcM_y7SUz4v4VPmZH^dRQr^4dEF^2V`*MCGN)X0We%#jLFG2(k`$Ud3IBp8gpDE1(COb(Y#V*z(w4JlLfIfrG67s4 zh%z{yklKMavFOZy1hNgx50nLumHDqGg1EsHHUyC>d=shd8UQs0+zC$~1iBib_Y3+6 zNcwQJpzg!*;TuHgzlbbW+=&}fjr;=c5`@K%D?D>OAr~8SEqYEC?;Uef)SZ2a$&bbfYr2F3_?EZaAeIC>=05nN?R zzSKquK)DRxRBU5mgD4d|#Z6?0Ipz#`-L71Oi~dnT@JrzDA6x6K*{##HEvXb{vYM zA>wyhM-443uDKEUJw)KZH?6^EMDb^U3S$*l&=IozSj8$mz|y{$2+ltJPy;%hY%(}2=kEl`C(h|MwOc&0|D-~iCX-b z^Z}eggl!38B&bUJoey5kZ1v0jM0^S|4CDtmtr1X-xi0gGKgqp|uwEPxUx zarK_#m^#em140cD@<>2+bJXGaF+H>@9A*cGk3B2^oGQG~d0a<_SA~B8E_CUOzvO#Z zL<4xx5F3HN*pu4qn(pNqJ9_^B=WtSi`P1m=zVI8`y~MT8b{tRKO#-n!sOlUWZ7(!2 ze?k}sw=vsd4dD(^B_R(Y!aICz0tuNBl9+o5mm$Gszz@v^D7yT=%Dx1g%Kd9w=adv_ zI5?WRv|_~!%|4uP#B!+dg9HE`6J!RkIqS`viZ4J@ 
Date: Tue, 7 Sep 2021 17:16:07 -0700 Subject: [PATCH 17/84] Update windows-security-app.md --- .../os-security/windows-security-app.md | 25 ++++++------------- 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index 4a2e241a83..ed9e40c74b 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md @@ -1,6 +1,6 @@ --- -title: Trusted Boot -description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 +title: The Windows Security app in Windows 11 +description: Get an overview of the Windows Security app in Windows 11 search.appverid: MET150 author: denisebmsft ms.author: deniseb 
@@ -12,26 +12,15 @@ ms.prod: w11 ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther +ms.reviewer: kaeladawson, bmcneil f1.keywords: NOCSH --- -# Secure Boot and Trusted Boot +# The Windows Security app -This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +This article provides an overview of the Windows Security app in Windows 11. -## Secure Boot +:::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: -The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments. +Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. -As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. 
Secure Boot then checks all code that runs before the operating system and checks the OS bootloader’s digital signature to ensure that it is trusted by the Secure Boot policy and hasn’t been tampered with. - -## Trusted Boot - -Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. - -Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. - -## See also - -[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From d3f655731dc0b0efd4330198ff02b50f43d18e8f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:18:25 -0700 Subject: [PATCH 18/84] Update TOC.yml --- windows/security/TOC.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index eb58b0f6cd..b6657d8439 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
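Review bot: In [PATCH 17/84], the added paragraph in windows-security-app.md opens with "Visibility and awareness of device security and health is key to any action taken", which pairs a plural subject with "is" and never says which action is meant; suggest rewording along the lines of "Visibility into device security and health is the starting point for acting on issues". The front matter title ("The Windows Security app in Windows 11") and the H1 ("# The Windows Security app") also differ, so pick one so that the search title and the page heading match.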
@@ -39,8 +39,10 @@ items: - name: Trusted Boot href: os-security/trusted-boot.md - - name: Secure the Windows 10 boot process - href: information-protection/secure-the-windows-10-boot-process.md + - name: Cryptography and certificate management + href: os-security/cryptography-certificate-mgmt.md + - name: Windows Security app + href: os-security/windows-security-app.md - name: Encryption and data protection items: - name: Encrypted Hard Drive From eb5a94b43c84b24af498681d00247a197da48df9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:19:28 -0700 Subject: [PATCH 19/84] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b6657d8439..777720a45b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -45,6 +45,7 @@ href: os-security/windows-security-app.md - name: Encryption and data protection items: + - name: Overview - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From 400771de27f8bb1e85e70dfcdb6b5fe16971ef4b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:21:02 -0700 Subject: [PATCH 20/84] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 777720a45b..337dc58743 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -41,7 +41,7 @@ href: os-security/trusted-boot.md - name: Cryptography and certificate management href: os-security/cryptography-certificate-mgmt.md - - name: Windows Security app + - name: Windows Security app in Windows 11 href: os-security/windows-security-app.md - name: Encryption and data protection items: From c4af22af36fe1d7fee6386989430caddc2667a13 Mon Sep 17 00:00:00 2001 
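Review bot: In [PATCH 18/84], the TOC.yml hunk drops the "Secure the Windows 10 boot process" entry (href information-protection/secure-the-windows-10-boot-process.md) in the same change that adds the two new os-security entries. Confirm the article is still reachable from another TOC node or from a link in trusted-boot.md; otherwise the detailed boot-process guidance ends up as an orphan page.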
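Review bot: In [PATCH 19/84], the added "- name: Overview" line under "Encryption and data protection" has no href, so the TOC gains a leaf node that points nowhere. Add the href in the same commit, or hold the entry back until the target article has been added.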
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:31:02 -0700 Subject: [PATCH 21/84] operating system articles --- windows/security/operating-system.md | 4 +-- .../os-security/encryption-data-protection.md | 29 +++++++++++++++++++ windows/security/os-security/trusted-boot.md | 4 ++- .../os-security/windows-security-app.md | 2 +- 4 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 windows/security/os-security/encryption-data-protection.md diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 584a85b7bd..e16ff2bd56 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,9 +13,7 @@ author: denisebmsft # Windows operating system security -This article provides an overview of security measures built into Windows 11. - -## Operating system security +This article provides an overview of operating system security in Windows 11. Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/os-security/encryption-data-protection.md new file mode 100644 index 0000000000..ea4eab560f --- /dev/null +++ b/windows/security/os-security/encryption-data-protection.md 
@@ -0,0 +1,29 @@ +--- +title: Encryption and data protection in Windows 11 +description: Get an overview encryption and data protection in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: deepakm, rafals +f1.keywords: NOCSH +--- + +# Encryption and data protection in Windows 11 + +This article provides a brief overview of encryption and data protection built into Windows 11. + +When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, starting with the Encrypting File System (EFS) in the Windows 2000 operating system. + +In Windows 11, encryption and data protection features include: + +- [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) +- [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) + diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 4a2e241a83..7728813615 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md 
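Review bot: In [PATCH 21/84], the front matter of the new encryption-data-protection.md reads "description: Get an overview encryption and data protection in Windows 11", which is missing "of" after "overview"; this string is what search snippets display. The new file also ends with an empty added line after the BitLocker bullet, which can be dropped.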
@@ -18,7 +18,9 @@ f1.keywords: NOCSH # Secure Boot and Trusted Boot -This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +*This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.* + +Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index ed9e40c74b..b02306f0dc 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # The Windows Security app -This article provides an overview of the Windows Security app in Windows 11. +*This article provides an overview of the Windows Security app in Windows 11.* :::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: From 7652f00c5d8b8d162f7d392c112b98042cce3da6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:35:08 -0700 Subject: [PATCH 22/84] Update encryption-data-protection.md --- .../os-security/encryption-data-protection.md | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) 
diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/os-security/encryption-data-protection.md index ea4eab560f..e0af5c0142 100644 --- a/windows/security/os-security/encryption-data-protection.md +++ b/windows/security/os-security/encryption-data-protection.md 
@@ -18,12 +18,40 @@ f1.keywords: NOCSH # Encryption and data protection in Windows 11 -This article provides a brief overview of encryption and data protection built into Windows 11. +*This article provides a brief overview of encryption and data protection built into Windows 11.* When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, starting with the Encrypting File System (EFS) in the Windows 2000 operating system. In Windows 11, encryption and data protection features include: +- Encrypted Hard Drive +- BitLocker + +## Encrypted Hard Drive + +Encrypted Hard Drive uses the rapid encryption provided by BitLocker Drive Encryption to enhance data security and management. +By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. + +Encrypted hard drives provide: + +- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. +- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system. +- Ease of use: Encryption is transparent to the user, and the user does not need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. 
+- Lower cost of ownership: There is no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. + +Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. + +## BitLocker + +BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. + +BitLocker provides encryption for the operating system, fixed data, and removable data drives, using technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM. + +Windows consistently improves data protection by improving existing options and providing new strategies. + + +## See also + - [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) - [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) From 8e2bd89a94fdae5ee9a8593bcc969c7b4d46487c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:35:54 -0700 Subject: [PATCH 23/84] Update cryptography-certificate-mgmt.md --- windows/security/os-security/cryptography-certificate-mgmt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md index 282fac4632..f5d63c9686 100644 --- a/windows/security/os-security/cryptography-certificate-mgmt.md +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
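Review bot: In [PATCH 22/84], the "Ease of use" bullet says "Encrypted hard drives are easily erased using on-board encryption key", which needs an article ("using the on-board encryption key"). The sentence that defines the term ("Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level") comes after the bullets that depend on it, so move it to the start of the section. The "Encrypted Hard Drive" and "BitLocker" bullets under "encryption and data protection features include" also lose their links here while the same two links reappear under "See also"; keeping the links in the first list avoids maintaining two copies.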
@@ -18,7 +18,7 @@ f1.keywords: NOCSH # Cryptography and Certificate Management -This article describes cryptography and certificate management in Windows 11. +*This article describes cryptography and certificate management in Windows 11.* ## Cryptography From 1a79447f23963a9932132ddc7a1e028d8eb68b37 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:36:29 -0700 Subject: [PATCH 24/84] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 337dc58743..98852424f3 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -46,6 +46,7 @@ - name: Encryption and data protection items: - name: Overview + href: encryption-data-protection.md - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From e8c5a8a2212ca57da171d49a516812f17c36853f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:10:41 -0700 Subject: [PATCH 25/84] Update windows-security-app.md --- .../security/os-security/windows-security-app.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index b02306f0dc..c9d1cbea97 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md 
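Review bot: In [PATCH 24/84], the added "href: encryption-data-protection.md" is relative to windows/security/, but PATCH 21/84 created the article under windows/security/os-security/, and the neighbouring entries use that prefix (for example "href: os-security/windows-security-app.md"). Use "href: os-security/encryption-data-protection.md" so the link resolves.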
@@ -24,3 +24,17 @@ f1.keywords: NOCSH Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. +The Windows Security app in Windows 11 looks a lot like what you see in Windows 10, with the addition of the new **Protection history** button and increased security features and capabilities. + +The following table describes the various sections of the Windows Security app.

+ +| Section | Description | +|:---|:---| +| Virus & threat protection | Description goes here | +| Account protection | Description goes here | +| Firewall & network protection | Description goes here | +| App & browser control | Description goes here | +| Device security | Description goes here | +| Device performance & health | Description goes here | +| Family options | Description goes here | +| Protection history | Description goes here | \ No newline at end of file From 214b98612bcbc32918cbb526307a8d7adbb78936 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:12:18 -0700 Subject: [PATCH 26/84] Update TOC.yml --- windows/security/TOC.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 98852424f3..9165264ba7 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -43,10 +43,10 @@ href: os-security/cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 href: os-security/windows-security-app.md - - name: Encryption and data protection + - name: Encryption and data protection + href: os-security/encryption-data-protection.md items: - - name: Overview - href: encryption-data-protection.md + - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From f352c6ab3e43cb11e1b190a50e880abc99473bb5 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:15:07 -0700 Subject: [PATCH 27/84] Update TOC.yml --- windows/security/TOC.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 9165264ba7..bb79e0aa9b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
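Review bot: In [PATCH 25/84], every row of the new table in windows-security-app.md has "Description goes here" in the Description column. Fill in the eight descriptions before this reaches a published branch, or leave the table out until the text is ready. The added sentence "with the addition of the new **Protection history** button and increased security features and capabilities" is also vague after the button; name the features or end the sentence at the button.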
@@ -210,7 +210,11 @@ - name: Controlled folder access - name: Exploit protection - name: Microsoft Defender for Endpoint -- name: Application protection +- name: Application security + items: +- name: Secured identity + items: +- name: Cloud services items: - name: User protection items: From 98ee58a1db3e93067737b8caa451109cd8b86e9f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:19:13 -0700 Subject: [PATCH 28/84] Update index.yml --- windows/security/index.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index e59fa8c210..873666b38f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/01/2021 + ms.date: 09/07/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -38,13 +38,13 @@ landingContent: - linkListType: overview links: - text: Overview of operating system security - url: /windows/security/information-protection/index.md + url: operating-system.md - linkListType: concept links: - text: System security - url: /windows/security/information-protection/secure-the-windows-10-boot-process.md + url: os-security/trusted-boot.md - text: Encryption and data protection - url: /windows/security/information-protection/encrypted-hard-drive.md + url: os-security/encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md # Cards and links should be based on top customer tasks or top subjects 
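Review bot: In [PATCH 27/84], the new "Application security", "Secured identity" and "Cloud services" nodes each carry an "items:" key with nothing under it and no href, so they render as empty TOC sections. Give each node at least one child or an href, or add the nodes once their articles exist.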
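Review bot: In [PATCH 28/84], the three changed url values switch to relative paths (operating-system.md, os-security/trusted-boot.md, os-security/encryption-data-protection.md) while the "Network security" link directly below keeps the rooted form /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md. Use one link style within the card so all four links resolve the same way at build time.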
From 7ad9e9098631945d052681a1e91902c1ce873123 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:22:17 -0700 Subject: [PATCH 29/84] Update index.yml --- windows/security/index.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 873666b38f..320651ac37 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -47,25 +47,37 @@ landingContent: url: os-security/encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + - text: Network security + - text: Virus & threat protection # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - - title: Threat protection - linkLists: - - linkListType: overview - links: - - text: Security baselines (more to follow) - url: /windows/security/threat-protection/windows-security-baselines.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Application protection + - title: Application security linkLists: - linkListType: overview links: - text: article (change link later, add more) url: /windows/security/threat-protection/windows-security-baselines.md # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Secured identity + linkLists: + - linkListType: overview + links: + - text: article (change link later, add more) + url: /windows/security/threat-protection/windows-security-baselines.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Cloud services + linkLists: + - linkListType: overview + links: + - text: article (change link later, add more) + url: /windows/security/threat-protection/windows-security-baselines.md + +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: User protection From 856adceb6508bef347176b6849d79dc2c4fcc27f Mon Sep 17 00:00:00 2001 
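Review bot: In [PATCH 29/84], the added "- text: Network security" and "- text: Virus & threat protection" entries have no url, and "Network security" now appears twice in the same links list. Drop the duplicate and give the remaining new entry a url. The cards in this hunk (Application security, Secured identity, Cloud services) all use the placeholder link text "article (change link later, add more)" pointing at windows-security-baselines.md, while the "Threat protection" card that linked the security baselines is removed; placeholder link text should not ship on the landing page.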
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:43:57 -0700 Subject: [PATCH 30/84] cards --- windows/security/index.yml | 2 ++ windows/security/operating-system.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 320651ac37..6e0ba8210f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -48,7 +48,9 @@ landingContent: - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Network security + url: operating-system.md - text: Virus & threat protection + url: operating-system.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index e16ff2bd56..e3bb60f6e1 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,7 +21,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
Windows Security app | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
[Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | BitLocker
Encryption | | Network security | Virtual Private Networks (VPNs)
Windows Defender Firewall
Bluetooth
DSN security
Windows Wi-Fi
Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
Attack surface reduction
Tamper protection
Network protection
Controlled folder access
Exploit protection
Additional protection with Microsoft Defender for Endpoint | From e60dc2dbb8f47576c316021e4bf071a7a499e655 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 08:29:57 -0700 Subject: [PATCH 31/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index e3bb60f6e1..484406779a 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,7 +13,7 @@ author: denisebmsft # Windows operating system security -This article provides an overview of operating system security in Windows 11. +*This article provides an overview of operating system security in Windows 11.* Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. From 37e9d38bf4d64d855e6f664804939fb402bbd24d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 09:38:52 -0700 Subject: [PATCH 32/84] Update cloud.md --- windows/security/cloud.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index cbce8d9341..b3ad85903d 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md 
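Review bot: In [PATCH 30/84], the index.yml hunk gives both new links the same target ("url: operating-system.md"), and the second "Network security" entry still duplicates the one above it that points at the Windows Firewall article. Remove the duplicate entry and point "Virus & threat protection" at a topic-specific page once one exists.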
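Review bot: In [PATCH 30/84], the operating-system.md hunk links only the "Windows Security app" item, but the unchanged "Network security" row in the same table lists "DSN security", which looks like a typo for DNS. Worth fixing while this table is being edited.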
@@ -13,5 +13,17 @@ author: dansimp # Windows and cloud security -Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased 3rd party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads and safeguard sensitive information while controlling access and mitigating threats. +*This article provides an overview of cloud services built into Windows 11.* + +Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. + +Windows 11 includes the cloud services that are listed in the following table: + +| Service type | Description | +|:---|:---| +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.
Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere. | +| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe
Work or school account
Config Lock
Remote device attestation
(other stuff coming soon):Device Installation
DMA Guard
Endpoint Detection and Response
Microsoft Defender Security Center
Smartscreen
System Guard
Windows Hello for Business | +| Microsoft account | | +| OneDrive | | +| Family safety | | From be096b1448be32c391c57c9027868278505f4401 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:20:21 -0700 Subject: [PATCH 33/84] Update operating-system.md --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 484406779a..d70e3a6e9f 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,8 +21,8 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
[Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | BitLocker
Encryption | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | +| Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)
Windows Defender Firewall
Bluetooth
DSN security
Windows Wi-Fi
Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
Attack surface reduction
Tamper protection
Network protection
Controlled folder access
Exploit protection
Additional protection with Microsoft Defender for Endpoint | From 3c93913c6cf390e1b769061fdaa3c72711d3dfb1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:34:56 -0700 Subject: [PATCH 34/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index d70e3a6e9f..4508d05be3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | Virtual Private Networks (VPNs)
Windows Defender Firewall
Bluetooth
DSN security
Windows Wi-Fi
Transport Layer Security (TLS) | +| Network security | Virtual Private Networks (VPNs)

Windows Defender Firewall

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
Attack surface reduction
Tamper protection
Network protection
Controlled folder access
Exploit protection
Additional protection with Microsoft Defender for Endpoint | From 8c007085172d52a1ba8a9e066768a6d7023a4ba6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:40:36 -0700 Subject: [PATCH 35/84] Update operating-system.md --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 4508d05be3..8e129805a2 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -22,8 +22,8 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | +| Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

[Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

Windows Defender Firewall

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | -| Protection from viruses and threats | Microsoft Defender Antivirus
Attack surface reduction
Tamper protection
Network protection
Controlled folder access
Exploit protection
Additional protection with Microsoft Defender for Endpoint | +| Protection from viruses and threats | Microsoft Defender Antivirus

Attack surface reduction

Tamper protection

Network protection

Controlled folder access

Exploit protection

Additional protection with Microsoft Defender for Endpoint | From ea1c1c8a622485f1d266fa843ebf1da7ad25178d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:48:25 -0700 Subject: [PATCH 36/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 8e129805a2..28b535a905 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

[Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

Windows Defender Firewall

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | -| Protection from viruses and threats | Microsoft Defender Antivirus

Attack surface reduction

Tamper protection

Network protection

Controlled folder access

Exploit protection

Additional protection with Microsoft Defender for Endpoint | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide) for additional threat protection | From 0c26c82991db73d4f55b56ca783c9702867f53de Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:48:58 -0700 Subject: [PATCH 37/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 28b535a905..c6f0d3d41b 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

[Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

Windows Defender Firewall

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide) for additional threat protection | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From d6d5837699b6fcbeacda7f7378c568060a7d0293 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:52:32 -0700 Subject: [PATCH 38/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c6f0d3d41b..7db88749a3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

[Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | Virtual Private Networks (VPNs)

Windows Defender Firewall

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From b03e7ddaddd87b9a2a2e190baace89ab3988fddf Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:58:37 -0700 Subject: [PATCH 39/84] moved a few articles --- .../security/{os-security => }/cryptography-certificate-mgmt.md | 0 windows/security/{os-security => }/encryption-data-protection.md | 0 windows/security/{os-security => }/trusted-boot.md | 0 windows/security/{os-security => }/windows-security-app.md | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/{os-security => }/cryptography-certificate-mgmt.md (100%) rename windows/security/{os-security => }/encryption-data-protection.md (100%) rename windows/security/{os-security => }/trusted-boot.md (100%) rename windows/security/{os-security => }/windows-security-app.md (100%) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md similarity index 100% rename from windows/security/os-security/cryptography-certificate-mgmt.md rename to windows/security/cryptography-certificate-mgmt.md diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/encryption-data-protection.md similarity index 100% rename from windows/security/os-security/encryption-data-protection.md rename to windows/security/encryption-data-protection.md diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/trusted-boot.md similarity index 100% rename from windows/security/os-security/trusted-boot.md rename to windows/security/trusted-boot.md diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/windows-security-app.md similarity index 100% rename from windows/security/os-security/windows-security-app.md rename to windows/security/windows-security-app.md 
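Review bot: these four renames out of `os-security/` land with 0 insertions and 0 deletions, so at this commit the links in the operating-system.md table that still target `os-security/trusted-boot.md`, `os-security/cryptography-certificate-mgmt.md`, `os-security/encryption-data-protection.md` and `os-security/windows-security-app.md` are dead, and the `../information-protection/...` and `../images/...` relative paths inside the moved files resolve one directory too high. Those are only repaired by later patches in the series (40/84 and 42/84 to 44/84). Fold the link updates into the rename commit so that every commit in the series builds without broken links.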
From e74a3a6714c853db6539c9b62e13efe43a69646f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:00:36 -0700 Subject: [PATCH 40/84] fixed links --- windows/security/TOC.yml | 8 ++++---- windows/security/index.yml | 4 ++-- windows/security/operating-system.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index bb79e0aa9b..4d66d47a1e 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -38,13 +38,13 @@ - name: System security items: - name: Trusted Boot - href: os-security/trusted-boot.md + href: trusted-boot.md - name: Cryptography and certificate management - href: os-security/cryptography-certificate-mgmt.md + href: cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 - href: os-security/windows-security-app.md + href: windows-security-app.md - name: Encryption and data protection - href: os-security/encryption-data-protection.md + href: encryption-data-protection.md items: - name: Encrypted Hard Drive diff --git a/windows/security/index.yml b/windows/security/index.yml index 6e0ba8210f..6f614b438e 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -42,9 +42,9 @@ landingContent: - linkListType: concept links: - text: System security - url: os-security/trusted-boot.md + url: trusted-boot.md - text: Encryption and data protection - url: os-security/encryption-data-protection.md + url: encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Network security diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7db88749a3..7b815fda53 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
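Review bot: in the index.yml hunk above, the context lines show two consecutive `- text: Network security` entries in the same link list, and the first uses a root-relative `url:` ending in `.md` while the entries changed here use sibling-relative paths. Since this commit is the link cleanup, drop the duplicate entry and bring that URL in line with the others in the same change.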
@@ -21,9 +21,9 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

[Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

[Encryption](os-security/encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth

DSN security

Windows Wi-Fi

Transport Layer Security (TLS) | +| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](cryptography-certificate-mgmt.md)

[Windows Security app](windows-security-app.md) | +| Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

[Encryption](encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth

Domain Name System (DNS) security

Windows Wi-Fi

Transport Layer Security (TLS) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From 958d49a159316362fcd050f164d0bb2ea7cf87e7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:02:23 -0700 Subject: [PATCH 41/84] Update trusted-boot.md --- windows/security/trusted-boot.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 7728813615..ca4a7577b1 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -20,7 +20,7 @@ f1.keywords: NOCSH *This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.* -Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot 
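Review bot: in trusted-boot.md, the reworded intro sentence ("and then Trusted Boot picks up the process") is vaguer than the text it replaces: "the process" has no antecedent, and the reader no longer learns that Trusted Boot starts at the point where Secure Boot ends. Name the hand-off explicitly, for example by saying that Trusted Boot continues verification from the Windows bootloader onward, which is what the Trusted Boot section of the same article describes.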
@@ -30,7 +30,7 @@ As the PC begins the boot process, it will first verify that the firmware is dig ## Trusted Boot -Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. +Trusted Boot picks up the process that started with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. From f4867fcc93433ade866641696b1225959fc87da0 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:04:40 -0700 Subject: [PATCH 42/84] Update encryption-data-protection.md --- windows/security/encryption-data-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index e0af5c0142..1841a48867 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -52,6 +52,6 @@ Windows consistently improves data protection by improving existing options and ## See also -- [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) -- [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) +- [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md) +- [BitLocker](information-protection/bitlocker/bitlocker-overview.md) From 758dee50b9bfb9ea794bc1e0d67dc80ac8bef76a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:04:59 -0700 Subject: [PATCH 43/84] Update trusted-boot.md --- windows/security/trusted-boot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index ca4a7577b1..35a581f3af 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -36,4 +36,4 @@ Often, Windows can automatically repair the corrupted component, restoring the i ## See also -[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file +[Secure the Windows boot process](information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From 4ea8e32cae85514e11a1bd5385c569d6eec8fca7 Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:05:37 -0700 Subject: [PATCH 44/84] Update windows-security-app.md --- windows/security/windows-security-app.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/windows-security-app.md b/windows/security/windows-security-app.md index c9d1cbea97..83aff40683 100644 --- a/windows/security/windows-security-app.md +++ b/windows/security/windows-security-app.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -16,11 +16,11 @@ ms.reviewer: kaeladawson, bmcneil f1.keywords: NOCSH --- -# The Windows Security app +# The Windows Security app in Windows 11 *This article provides an overview of the Windows Security app in Windows 11.* -:::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: +:::image type="content" source="images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. From 0b52366967172cd91f198299250382c99e2f26c2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:06:00 -0700 Subject: [PATCH 45/84] Update hardware.md --- windows/security/hardware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 34c5329f7f..cd1daa5805 100644 
--- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -1,6 +1,6 @@ --- title: Windows hardware security -description: +description: Get an overview of hardware security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 40e02ed7bcdf46463747e10b4e04da844e5f409c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:06:22 -0700 Subject: [PATCH 46/84] Update identity.md --- windows/security/identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity.md b/windows/security/identity.md index 61afd163d1..f943325f1d 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -1,6 +1,6 @@ --- title: Windows identity security -description: +description: Get an overview of identity security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 0c236a233e37c46b142c3ba8e6ceb4272249eeb9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:08:48 -0700 Subject: [PATCH 47/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7b815fda53..09c512c94c 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](cryptography-certificate-mgmt.md)

[Windows Security app](windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

[Encryption](encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth

Domain Name System (DNS) security

Windows Wi-Fi

Transport Layer Security (TLS) | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

Controlled folder access

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From fd6ed9b974c276dc0a12acf2ba51f23e23cc536f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:13:17 -0700 Subject: [PATCH 48/84] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 09c512c94c..5aa13cb32d 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](cryptography-certificate-mgmt.md)

[Windows Security app](windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

[Encryption](encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth

Domain Name System (DNS) security

Windows Wi-Fi

Transport Layer Security (TLS) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth (NEEDED)

Domain Name System (DNS) security (NEEDED)

Windows Wi-Fi (NEEDED)

Transport Layer Security (TLS) (NEEDED) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From 8eb0bac74a41652574a39041ed5866cd1ac1f191 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:13:55 -0700 Subject: [PATCH 49/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index b3ad85903d..3fb7c8e46f 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -1,6 +1,6 @@ --- title: Windows and cloud security -description: +description: Get an overview of cloud services supported in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 7c204a4116ef72cb02ea33dc4a59d431980ae7c2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:14:28 -0700 Subject: [PATCH 50/84] Update apps.md --- windows/security/apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index 4b15230a76..098f9524ea 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -1,6 +1,6 @@ --- title: Windows application security -description: +description: Get an overview of application security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From eeb6d8acea2795196c16b40fa5822a554ee4af94 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:26:27 -0700 Subject: [PATCH 51/84] Update TOC.yml --- windows/security/TOC.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 4d66d47a1e..b67c377e07 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
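Review bot: In PATCH 48/84 (operating-system.md), the `+` "Network security" row appends the literal marker "(NEEDED)" to Bluetooth, Domain Name System (DNS) security, Windows Wi-Fi and Transport Layer Security (TLS), and that text will render as-is in the published table. Track the missing links outside the page content (an HTML comment or a work item), or hold these four entries back until their target articles exist.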
@@ -204,12 +204,19 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - - name: Attack surface reduction + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + - name: Attack surface reduction rules + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - name: Tamper protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - name: Network protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - name: Controlled folder access + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - name: Exploit protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Application security items: - name: Secured identity From a3ac9aebf1fdba2601525390ace41dcb80ac27e9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:27:04 -0700 Subject: [PATCH 52/84] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b67c377e07..34265c2950 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -222,6 +222,7 @@ - name: Secured identity items: - name: Cloud services + href: cloud.md items: - name: User protection items: From 9826ff95917bbda169367be141d560814c832079 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:27:35 -0700 Subject: [PATCH 53/84] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) 
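Review bot: The seven `href` values added under "Threat protection" in PATCH 51/84 are absolute `https://docs.microsoft.com/...` URLs, while operating-system.md in this same series links to the same targets with site-relative paths such as `/microsoft-365/security/defender-endpoint/network-protection`. Suggest using one form in both places for consistency. The same hunk also renames "Attack surface reduction" to "Attack surface reduction rules", which the subject line "Update TOC.yml" does not mention.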
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 34265c2950..fde9174fb8 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -218,8 +218,10 @@ - name: Microsoft Defender for Endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Application security + href: apps.md items: - name: Secured identity + href: identity.md items: - name: Cloud services href: cloud.md From 28dea0ab7000b00cd5b615d0899faa149ed330bb Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:32:01 -0700 Subject: [PATCH 54/84] nixed an article --- windows/security/operating-system.md | 2 +- windows/security/windows-security-app.md | 40 ------------------------ 2 files changed, 1 insertion(+), 41 deletions(-) delete mode 100644 windows/security/windows-security-app.md diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 5aa13cb32d..c78b9821e0 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,7 +21,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](cryptography-certificate-mgmt.md)

[Windows Security app](windows-security-app.md) | +| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

[Cryptography and certificate management](cryptography-certificate-mgmt.md)

[Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

[Encryption](encryption-data-protection.md)

[BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

[Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

Bluetooth (NEEDED)

Domain Name System (DNS) security (NEEDED)

Windows Wi-Fi (NEEDED)

Transport Layer Security (TLS) (NEEDED) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

[Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

[Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

[Network protection](/microsoft-365/security/defender-endpoint/network-protection)

[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | diff --git a/windows/security/windows-security-app.md b/windows/security/windows-security-app.md deleted file mode 100644 index 83aff40683..0000000000 --- a/windows/security/windows-security-app.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: The Windows Security app in Windows 11 -description: Get an overview of the Windows Security app in Windows 11 -search.appverid: MET150 -author: denisebmsft -ms.author: deniseb -manager: dansimp -audience: ITPro -ms.topic: conceptual -ms.date: 09/08/2021 -ms.prod: w11 -ms.localizationpriority: medium -ms.collection: -ms.custom: -ms.reviewer: kaeladawson, bmcneil -f1.keywords: NOCSH ---- - -# The Windows Security app in Windows 11 - -*This article provides an overview of the Windows Security app in Windows 11.* - -:::image type="content" source="images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: - -Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. - -The Windows Security app in Windows 11 looks a lot like what you see in Windows 10, with the addition of the new **Protection history** button and increased security features and capabilities. - -The following table describes the various sections of the Windows Security app.

- -| Section | Description | -|:---|:---| -| Virus & threat protection | Description goes here | -| Account protection | Description goes here | -| Firewall & network protection | Description goes here | -| App & browser control | Description goes here | -| Device security | Description goes here | -| Device performance & health | Description goes here | -| Family options | Description goes here | -| Protection history | Description goes here | \ No newline at end of file From ec7fa14aa1c5e5f73171846dd387a7b66e4f233c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:33:16 -0700 Subject: [PATCH 55/84] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index fde9174fb8..ecd6997651 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -42,7 +42,7 @@ - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 - href: windows-security-app.md + href: threat-protection/windows-defender-security-center/windows-defender-security-center.md - name: Encryption and data protection href: encryption-data-protection.md items: From b16515b38100d8beb75e3c9eb2d0a133985498b6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:33:39 -0700 Subject: [PATCH 56/84] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index ecd6997651..d3d682fb40 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
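Review bot: Deleting windows/security/windows-security-app.md in PATCH 54/84 leaves TOC.yml pointing at a file that no longer exists, because the `href: windows-security-app.md` entry is only repointed in PATCH 55/84. Fold that TOC.yml change into this patch so the tree has no dangling link at this commit, and name the removed article and its replacement target in the commit message instead of "nixed an article".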
@@ -41,7 +41,7 @@ href: trusted-boot.md - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md - - name: Windows Security app in Windows 11 + - name: The Windows Security app href: threat-protection/windows-defender-security-center/windows-defender-security-center.md - name: Encryption and data protection href: encryption-data-protection.md From 211c955061b510daa07e5a5d0fdec6e3ee84ac3e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:38:04 -0700 Subject: [PATCH 57/84] Update cloud.md --- windows/security/cloud.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 3fb7c8e46f..efd9e32f1d 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -21,8 +21,8 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| -| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.
Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere. | -| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe
Work or school account
Config Lock
Remote device attestation
(other stuff coming soon):Device Installation
DMA Guard
Endpoint Detection and Response
Microsoft Defender Security Center
Smartscreen
System Guard
Windows Hello for Business | +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | +| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe

Work or school account

Config Lock

Remote device attestation

(other stuff coming soon):Device Installation

DMA Guard

Endpoint Detection and Response

Microsoft Defender Security Center

Smartscreen

System Guard

Windows Hello for Business | | Microsoft account | | | OneDrive | | | Family safety | | From af13a6cdbf90491a21cead19c3604d52532cdf57 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:47:17 -0700 Subject: [PATCH 58/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index efd9e32f1d..0fbd68985f 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe

Work or school account

Config Lock

Remote device attestation

(other stuff coming soon):Device Installation

DMA Guard

Endpoint Detection and Response

Microsoft Defender Security Center

Smartscreen

System Guard

Windows Hello for Business | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Windows 11 includes a management component that includes:
- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

MDM includes several security features & capabilites. These include:
- Remote wipe
- Support for your work or school account
- Config Lock
- Remote device attestation
- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 39b49673a5d565cc24f799367d3214ff982530a3 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:52:05 -0700 Subject: [PATCH 59/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0fbd68985f..ba9d3e8118 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Windows 11 includes a management component that includes:
- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

MDM includes several security features & capabilites. These include:
- Remote wipe
- Support for your work or school account
- Config Lock
- Remote device attestation
- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Windows 11 includes a management component that includes:
- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 1c273319af990ac6be11227c9d7c50572e5f2800 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:57:17 -0700 Subject: [PATCH 60/84] Create mdm-windows.md --- windows/security/mdm-windows.md | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 windows/security/mdm-windows.md diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md new file mode 100644 index 0000000000..6b5de3479e --- /dev/null +++ b/windows/security/mdm-windows.md 
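Review bot: The `+` row for "Modern device management (MDM) and Microsoft Endpoint Manager" in PATCH 59/84 still ends with the bare sentence "Learn more about MDM and Windows 11", which has no link target. The feature list this patch removes (Remote wipe, Config Lock, Remote device attestation) only reappears in mdm-windows.md in PATCH 60/84, and the link itself arrives in PATCH 63/84, so consider reordering or squashing these patches so the row never points nowhere.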
@@ -0,0 +1,34 @@ +--- +title: Modern device management and Windows 11 +description: Get an overview of modern device management with Microsoft Endpoint Manager and Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/08/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: +f1.keywords: NOCSH +--- + +# Modern device management and Windows 11 + +Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. + +Windows 11 includes a management component that includes: +- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and +- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. + +MDM includes several security features & capabilities. These include: +- Remote wipe +- Support for your work or school account +- Config Lock +- Remote device attestation +- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business + +Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols. \ No newline at end of file From 88f6194aa4c98271565d671ce388cf33d8c1ddc8 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:58:12 -0700 Subject: [PATCH 61/84] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d3d682fb40..5e5d767e80 100644 --- a/windows/security/TOC.yml 
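Review bot: The new mdm-windows.md in PATCH 60/84 ships a placeholder bullet, "(other stuff coming soon): Device Installation, DMA Guard, ...", inside the published feature list; list those items as normal bullets or leave them out until they are ready. The body also opens with "Windows 11 supports MDM" although the title and H1 spell out "Modern device management" without introducing the acronym, the front matter leaves `ms.collection`, `ms.custom` and `ms.reviewer` empty, and the file ends without a trailing newline.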
+++ b/windows/security/TOC.yml @@ -226,6 +226,8 @@ - name: Cloud services href: cloud.md items: + - name: MDM and Windows 11 + href: mdm-windows.md - name: User protection items: - name: Technical support policy for lost or forgotten passwords From 29b5c1f904cdae60dd14f0febfa764765039a223 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:58:50 -0700 Subject: [PATCH 62/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index ba9d3e8118..a52fd1128b 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Windows 11 includes a management component that includes:
- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 12aad635d46094612054cce4afe32498a958277d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:03:19 -0700 Subject: [PATCH 63/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index a52fd1128b..51c4a4e806 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | | | OneDrive | | | Family safety | | From a44f2fa06e52571abaa6d80709778aeece845c8b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:06:40 -0700 Subject: [PATCH 64/84] Update cloud.md --- windows/security/cloud.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 51c4a4e806..0dd25f1585 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table: |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | | -| OneDrive | | -| Family safety | | +| Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | +| OneDrive | OneDrive provides additional security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have additional options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

Learn more about Microsoft Family Safety. | From 60dd25515980b4a4f18f7cd1c8f82f4fef2221d6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:08:43 -0700 Subject: [PATCH 65/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0dd25f1585..dcaa0a7cb0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table: | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
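Review bot: In the patch that ends here (the one before PATCH 65/84), the added OneDrive and Family safety rows close with "Learn how to set up your Personal Vault ...", "Learn more about how to recover from a ransomware attack using Office 365" and "Learn more about Microsoft Family Safety." as plain text with no link target, so the reader has nowhere to go. Wrap each in a Markdown link, as the Azure AD and MDM rows already do with "To learn more, see [...]", or drop the sentences until the targets are known.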

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | -| OneDrive | OneDrive provides additional security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have additional options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| OneDrive | OneDrive provides extra security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

Learn more about Microsoft Family Safety. | From 71bb8c02d02813d43ae0a7095dc93632e4da762a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:18:27 -0700 Subject: [PATCH 66/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index dcaa0a7cb0..4e2e6d3131 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table: | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | -| OneDrive | OneDrive provides extra security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

Learn more about Microsoft Family Safety. | From ce5eba5952585143d2100dea98b5fa903f1386bd Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:19:17 -0700 Subject: [PATCH 67/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 4e2e6d3131..51ac9dadd3 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
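Review bot: In PATCH 66/84, the first paragraph of the new OneDrive row reads "allowing users to them on their laptops, desktops, and mobile devices"; the verb is missing, and the line being replaced had "allowing you to access them". The same row now mixes "your online storage for your files" with "people" and "users", so pick one voice for the whole cell. The two new links also carry query strings (`?ui=en-us&rs=en-us&ad=us` and `?view=o365-worldwide`) that look copied from the browser address bar; consider trimming them if the targets resolve without them.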

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

Learn more about Microsoft Family Safety. | +| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From a19534b1b5ac35d33bbb9054176eab6727d6217c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:21:50 -0700 Subject: [PATCH 68/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 51ac9dadd3..773394f619 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table: |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
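Review bot: In PATCH 67/84, the only change in the Family safety row is the link on its last line, and the target `https://www.microsoft.com/en-us/microsoft-365/family-safety` pins the `en-us` locale in the path. If a locale-neutral form of the URL resolves, prefer it so readers in other regions are not sent to the US English page.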

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | +| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 489a499500abf23e82cb54644eb5c3df700ab865 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:27:52 -0700 Subject: [PATCH 69/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 773394f619..a8ccd0ff3c 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
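Review bot: In PATCH 68/84, the second paragraph of the new Microsoft account row switches person mid-sentence: "They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices". Change "your family's" and "your privacy" to "their" so the list stays in the third person the rewrite introduces. The first paragraph also lost the "and" before "Xbox settings", which makes "Windows, Microsoft Edge, Xbox settings" read as three unrelated items.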

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their your family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From ea8ddca8fa3ec811b1f7e5eeb6f8585cbbc420c1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:31:03 -0700 Subject: [PATCH 70/84] Update cloud.md --- windows/security/cloud.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index a8ccd0ff3c..8f692a5af0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -15,9 +15,9 @@ author: dansimp *This article provides an overview of cloud services built into Windows 11.* -Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. +Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. -Windows 11 includes the cloud services that are listed in the following table: +Windows 11 includes the cloud services that are listed in the following table:
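Review bot: In PATCH 69/84, the rewritten Family safety row has leftover second-person words from the old text: "on Windows, Xbox, or your mobile devices, and then customize their your family settings". It should read "their mobile devices" and "their family settings". The rewrite also drops the paragraphs on activity reporting, screen time limits, content filtering and location sharing; if that is intentional, say so in the commit message, which currently reads only "Update cloud.md".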

| Service type | Description | |:---|:---| @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their your family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 0023bfa72ec58e4223624377419efd9003efa46d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:32:47 -0700 Subject: [PATCH 71/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 8f692a5af0..879368adf1 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table:
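Review bot: In PATCH 70/84, the rewritten Family safety row still mixes second and third person. The added line reads "create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings", so "your mobile devices" should become "their mobile devices" to match the "their your" fix made in the same sentence.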
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | +| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 06c3a2d37d7e6709f75f62b4d2985cebdd7e52f3 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:33:33 -0700 Subject: [PATCH 72/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 879368adf1..c48b1c6ba0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From f54e646cfb25353a509615b8c32a8949935ab372 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:33:54 -0700 Subject: [PATCH 73/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index c48b1c6ba0..0b40946517 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
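Review bot: In PATCH 72/84, the replacement OneDrive row carries over a broken clause unchanged: both the removed and the added line read "allowing users to them on their laptops, desktops, and mobile devices", which is missing its verb. Since the whole row is being rewritten to drop the `?view=o365-worldwide` query string, fix the sentence in the same change (for example "allowing users to access them on ...").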
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 69635a233af330c1ec58cbfd84e088841b72474d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:34:36 -0700 Subject: [PATCH 74/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0b40946517..389cae3460 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

[Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From e9f4f576784d0b9eb2285aa9edb0b907266b0f84 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:36:56 -0700 Subject: [PATCH 75/84] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 389cae3460..f167df48d7 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -21,7 +21,7 @@ Windows 11 includes the cloud services that are listed in the following table:
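Review bot: In PATCH 74/84, the Personal Vault sentence loses its only description of the verification step. The removed line ended "with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS", and the added line stops at the link, so the row now says files are "secured by identity verification" without saying what that involves. If the cut is intentional, consider keeping a short clause that names the second verification step, since that is the security property this row is describing.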
With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | From 9dd3cadae71f5a6f6a5c6aeee936d1d3e8367499 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:47:28 -0700 Subject: [PATCH 76/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 6b5de3479e..6668d62e59 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -21,9 +21,12 @@ f1.keywords: NOCSH Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: + - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. +## MDM features and capabilities + MDM includes several security features & capabilities. These include: - Remote wipe - Support for your work or school account 
@@ -31,4 +34,23 @@ MDM includes several security features & capabilities. These include: - Remote device attestation - (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business -Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols. \ No newline at end of file +## Support for non-Microsoft MDM servers + +Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. + +For details about the MDM protocols, the following resources: + +- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) +- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) + +## Security baselines + +Windows 11 can be configured with the Microsoft MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. Security baseline enables IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. 
+ +The MDM security baseline includes policies that cover the following areas: + +- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall +- Restricting remote access to devices +- Setting credential requirements for passwords and PINs +- Restricting use of legacy technology +- Legacy technology policies that offer alternative solutions with modern technology From 9d97e27242884a64c7a1e4d250c417f6eb4d36f4 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:03:26 -0700 Subject: [PATCH 77/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 6668d62e59..c19ab3a22a 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
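Review bot: In the second hunk of PATCH 76/84, the added sentence "For details about the MDM protocols, the following resources:" has no verb and should read "see the following resources". In the same hunk, the baseline bullet "such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall" has two "and" joins and uses "Virtual-based security" where the feature name is virtualization-based security. The "(not deprecated)" aside in that bullet also reads like a drafting note rather than reader-facing text.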
@@ -27,12 +27,15 @@ Windows 11 includes a management component that includes: ## MDM features and capabilities -MDM includes several security features & capabilities. These include: -- Remote wipe -- Support for your work or school account -- Config Lock -- Remote device attestation -- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business +MDM includes several security features & capabilities, as described in the following table: + +| Feature/capability | Description | +|:---|:---| +| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. A help desk agent might also want to reset devices to fix issues encountered by remote workers. Windows 10 and Windows 11 supports the Remote Wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | +| Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
- Default fully managed user and device settings and policies
- Single Sign On to all Microsoft Online Services
- Full suite of password management capabilities, using Windows Hello For Business
- Authentication uses Tokens
- No use of consumer Microsoft Account identity | +| Config Lock | | +| Remote device attestation | | +| (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers @@ -45,12 +48,12 @@ For details about the MDM protocols, the following resources: ## Security baselines -Windows 11 can be configured with the Microsoft MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. Security baseline enables IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. +Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. The MDM security baseline includes policies that cover the following areas: -- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall +- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security ( exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) - Restricting remote access to devices - Setting credential requirements for passwords and PINs -- Restricting use of legacy technology +- Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology From 95cdc814fd5685b3b6ab5d1930b43d74aa590c4a Mon Sep 17 00:00:00 2001 
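Review bot: in the first hunk, the new Remote wipe row presents all three operations as responses to a lost or stolen device, but the third one, "Reset the device but persist user accounts and data", leaves the data in place. The row should say which operations actually remove data. In the same row, "Windows 10 and Windows 11 supports" should read "support". The Config Lock and Remote device attestation rows are also added with empty Description cells, so the table renders with blank cells if this patch is published on its own.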
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:05:05 -0700 Subject: [PATCH 78/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index c19ab3a22a..546c0c4aeb 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # Modern device management and Windows 11 -Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. +Windows 11 supports modern device management (MDM), an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: From 2d859018a2c817774e710ae88ac9b821753710ed Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:07:40 -0700 Subject: [PATCH 79/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 546c0c4aeb..da333c0c9c 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -27,11 +27,11 @@ Windows 11 includes a management component that includes: ## MDM features and capabilities -MDM includes several security features & capabilities, as described in the following table: +MDM includes several security features & capabilities, as described in the following table:

| Feature/capability | Description | |:---|:---| -| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. A help desk agent might also want to reset devices to fix issues encountered by remote workers. Windows 10 and Windows 11 supports the Remote Wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | +| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
- Default fully managed user and device settings and policies
- Single Sign On to all Microsoft Online Services
- Full suite of password management capabilities, using Windows Hello For Business
- Authentication uses Tokens
- No use of consumer Microsoft Account identity | | Config Lock | | | Remote device attestation | | From 2a36d93435fe4029f01203358e541c695f3fab1f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:40:57 -0700 Subject: [PATCH 80/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index da333c0c9c..1ba8b1ff88 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -32,7 +32,7 @@ MDM includes several security features & capabilities, as described in the follo | Feature/capability | Description | |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
- Default fully managed user and device settings and policies
- Single Sign On to all Microsoft Online Services
- Full suite of password management capabilities, using Windows Hello For Business
- Authentication uses Tokens
- No use of consumer Microsoft Account identity | +| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
- Fully managed user/device settings and policies by default
- Single Sign On to all Microsoft online services
- Password management capabilities (Windows Hello for Business)
- Authentication using tokens
- No use of consumer Microsoft Account identities | | Config Lock | | | Remote device attestation | | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | From ef784279f138ee03a4121ad42707d7d566e4a633 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:53:04 -0700 Subject: [PATCH 81/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 1ba8b1ff88..e938581f41 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -33,8 +33,8 @@ MDM includes several security features & capabilities, as described in the follo |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
- Fully managed user/device settings and policies by default
- Single Sign On to all Microsoft online services
- Password management capabilities (Windows Hello for Business)
- Authentication using tokens
- No use of consumer Microsoft Account identities | -| Config Lock | | -| Remote device attestation | | +| Config Lock | In enterprise organizations, security teams and IT admins typically enforce policies on corporate devices to keep the devices in a compliant state and protect the operating system from changes made by users.

When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state. We call this *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to the IT desired state on the following feature sets. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

Config Lock works with Application Control, Application Guard, and BitLocker. | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT Administrators of the attestation service can leverage the information available in the boot to protect themselves from boot level attacks and misconfigurations. An enterprise’s device management operators can rely on Microsoft Azure Attestation service to securely report on the device boot health, firmware security and other low level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprises device health to the administrator, allowing them to deal with low level threats with confidence. One of the fundamental device management verticals of any enterprise is the security stature of its devices. Windows 11 comes with MDM integration with Microsoft Azure Attestation allowing MDM providers to also leverage the attestation capabilities to trust and enhance the security of a device. | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers From 4923e4027c6858b3b08cf3a3dea3c650ecc2523a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:00:52 -0700 Subject: [PATCH 82/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index e938581f41..3d2d701333 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
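Review bot: in the added Config Lock row, "on the following feature sets" is not followed by a list; the features are only named in the last sentence of the cell. Suggest ending that sentence at "the IT desired state", or moving "Config Lock works with Application Control, Application Guard, and BitLocker" directly after it. In the same cell, "the registry keys that configures each feature" should be "configure". In the added Remote device attestation row, "security stature" reads as a slip for "security posture", and "your enterprises device health" is missing the apostrophe.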
@@ -33,8 +33,8 @@ MDM includes several security features & capabilities, as described in the follo |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
- Fully managed user/device settings and policies by default
- Single Sign On to all Microsoft online services
- Password management capabilities (Windows Hello for Business)
- Authentication using tokens
- No use of consumer Microsoft Account identities | -| Config Lock | In enterprise organizations, security teams and IT admins typically enforce policies on corporate devices to keep the devices in a compliant state and protect the operating system from changes made by users.

When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state. We call this *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to the IT desired state on the following feature sets. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT Administrators of the attestation service can leverage the information available in the boot to protect themselves from boot level attacks and misconfigurations. An enterprise’s device management operators can rely on Microsoft Azure Attestation service to securely report on the device boot health, firmware security and other low level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprises device health to the administrator, allowing them to deal with low level threats with confidence. One of the fundamental device management verticals of any enterprise is the security stature of its devices. Windows 11 comes with MDM integration with Microsoft Azure Attestation allowing MDM providers to also leverage the attestation capabilities to trust and enhance the security of a device. | +| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

Config Lock works with Application Control, Application Guard, and BitLocker. | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers From c71125c86601deb5278bbdc2172e0c6e97cb165d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:05:36 -0700 Subject: [PATCH 83/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 3d2d701333..356249fc2e 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -32,9 +32,9 @@ MDM includes several security features & capabilities, as described in the follo | Feature/capability | Description | |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
- Reset the device and remove user accounts and data
- Reset the device and clean the drive
- Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
- Fully managed user/device settings and policies by default
- Single Sign On to all Microsoft online services
- Password management capabilities (Windows Hello for Business)
- Authentication using tokens
- No use of consumer Microsoft Account identities | +| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

When a device is joined to Azure AD and managed with MDM, you get the following security benefits:
- Fully managed user/device settings and policies by default
- Single Sign On to all Microsoft online services
- Password management capabilities (Windows Hello for Business)
- Authentication using tokens
- No use of consumer Microsoft Account identities | | Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

Learn more about [Microsoft Azure Attestation](/azure/attestation). | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers @@ -52,7 +52,7 @@ Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/int The MDM security baseline includes policies that cover the following areas: -- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security ( exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) +- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security (exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) - Restricting remote access to devices - Setting credential requirements for passwords and PINs - Restricting the use of legacy technology From bb962e51002acb34a1c996a78fca520a1c2729c9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:06:19 -0700 Subject: [PATCH 84/84] Update mdm-windows.md --- windows/security/mdm-windows.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 356249fc2e..2456527534 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
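Review bot: in the second hunk, the corrected bullet still places "exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall" in parentheses after "Virtual-based security", which reads as if they were examples of it. The bullet this series started from listed Exploit Guard, Defender, and Firewall as separate items alongside it. Since the line is being touched anyway, suggest listing them as peers of BitLocker and SmartScreen and spelling the term "virtualization-based security".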
@@ -37,15 +37,6 @@ MDM includes several security features & capabilities, as described in the follo | Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | -## Support for non-Microsoft MDM servers - -Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. - -For details about the MDM protocols, the following resources: - -- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) -- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) - ## Security baselines Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. 
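Review bot: the context row "(other stuff coming soon)" just above the removed section is still a placeholder, and this is the last patch of the series (84/84). Suggest either giving Device Installation, DMA Guard, Endpoint Detection and Response and the other listed features their own rows with descriptions, or dropping the row before the page is published.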
@@ -57,3 +48,14 @@ The MDM security baseline includes policies that cover the following areas: - Setting credential requirements for passwords and PINs - Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology + + +## Support for non-Microsoft MDM servers + +Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. + +For details about the MDM protocols, the following resources: + +- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) +- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) +
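Review bot: in the re-added section, "For details about the MDM protocols, the following resources:" has no verb. Because the block is being moved in this patch, it is a good point to change it to "For details about the MDM protocols, see the following resources:". The hunk also adds two consecutive blank lines before the "## Support for non-Microsoft MDM servers" heading and a trailing blank line after the list; one blank line before the heading is enough.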