diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 359a00110d..1965f039f3 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19114,46 +19114,6 @@ "source_path": "windows/security/identity-protection/change-history-for-access-protection.md", "redirect_url": "/windows/security/", "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-deployment", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-windows-11-reference-image", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/refresh-a-windows-10-computer-with-windows-11", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/replace-a-windows-10-computer-with-a-windows-11-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/simulate-a-windows-11-deployment-in-a-test-environment", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md", - "redirect_url": "/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-11-deployment-information", - "redirect_document_id": false }, { "source_path": "windows/deploy-windows-cm/upgrade-to-windows-with-configuraton-manager.md", diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index d4f9600d8b..10d59733dd 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -201,68 +201,32 @@ You can use Group Policy to finish setting up Enterprise Site Discovery. If you You can use both the WMI and XML settings individually or together: **To turn off Enterprise Site Discovery** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | Off | +|Turn on Site Discovery XML output | Blank | **Turn on WMI recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | On | +|Turn on Site Discovery XML output | Blank | **To turn on XML recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | Off | +|Turn on Site Discovery XML output | XML file path | **To turn on both WMI and XML recording** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
+ +|Setting name |Option | +|---------|---------| +|Turn on Site Discovery WMI output | On | +|Turn on Site Discovery XML output | XML file path | ## Use Configuration Manager to collect your data After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md index 634fd7cd91..d04fbf79b9 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md @@ -60,132 +60,21 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l ### Schema elements This table includes the elements used by the Enterprise Mode schema. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ElementDescriptionSupported browser
<rules>Root node for the schema. -

Example -

-<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
Internet Explorer 11 and Microsoft Edge
<emie>The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. -

Example -

-<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
--or- -

For IPv6 ranges:

<rules version="205">
-  <emie>
-    <domain>[10.122.34.99]:8080</domain>
-  </emie>
-  </rules>
--or- -

For IPv4 ranges:

<rules version="205">
-  <emie>
-    <domain>10.122.34.99:8080</domain>
-  </emie>
-  </rules>
Internet Explorer 11 and Microsoft Edge
<docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied. -

Example -

-<rules version="205">
-  <docMode>
-    <domain docMode="7">contoso.com</domain>
-  </docMode>
-</rules>
Internet Explorer 11
<domain>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. -

Example -

-<emie>
-  <domain>contoso.com:8080</domain>
-</emie>
Internet Explorer 11 and Microsoft Edge
<path>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section. -

Example -

-<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>

-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.

Internet Explorer 11 and Microsoft Edge
+|Element |Description |Supported browser | +|---------|---------|---------| +|<rules> | Root node for the schema.
**Example** 
<rules version="205"> 
  <emie> 
   <domain>contoso.com</domain> 
  </emie>
 </rules> |Internet Explorer 11 and Microsoft Edge         |
+|<emie>     |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. 
 **Example** 
<rules version="205"> 
 <emie> 
   <domain>contoso.com</domain> 
 </emie>
</rules>  
 
 **or** 
 For IPv6 ranges: 

<rules version="205"> 
 <emie> 
  <domain>[10.122.34.99]:8080</domain> 
 </emie>
</rules> 
 
 **or**
 For IPv4 ranges:
<rules version="205"> 
 <emie> 
  <domain>[10.122.34.99]:8080</domain> 
 </emie>
</rules> | Internet Explorer 11 and Microsoft Edge       |
+|<docMode>     |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.  
 **Example** 
 
<rules version="205"> 
 <docmode> 
   <domain docMode="7">contoso.com</domain> 
 </docmode>
</rules>     |Internet Explorer 11         |
+|<domain>     |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. 
 **Example** 
 
<emie> 
 <domain>contoso.com:8080</domain>
</emie>       |Internet Explorer 11 and Microsoft Edge         |
+|<path>    |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
 **Example**  
 
<emie> 
 <domain exclude="false">fabrikam.com 
   <path exclude="true">/products</path>
 </domain>
</emie>
 
 Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.   |Internet Explorer 11 and Microsoft Edge         |
 
 ### Schema attributes
 This table includes the attributes used by the Enterprise Mode schema.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
AttributeDescriptionSupported browser
<version>Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.Internet Explorer 11 and Microsoft Edge
<exclude>Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
-
Example
-
-<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>

-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge
<docMode>Specifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
-
Example
-
-<docMode>
-  <domain exclude="false">fabrikam.com
-    <path docMode="7">/products</path>
-  </domain>
-</docMode>
Internet Explorer 11

+|Attribute|Description|Supported browser|
+|--- |--- |--- |
+|<version>|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
+|<exclude>|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the  and  elements.
 **Example** 
<emie>
  <domain exclude="false">fabrikam.com 
    <path exclude="true">/products</path>
  </domain>
</emie> 
 Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
+|<docMode>|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
 **Example**
<docMode> 
  <domain exclude="false">fabrikam.com 
    <path docMode="7">/products</path>
  </domain>
</docMode>|Internet Explorer 11|
 
 ### Using Enterprise Mode and document mode together
 If you want to use both Enterprise Mode and document mode together, you need to be aware that  <emie> entries override <docMode> entries for the same domain. 
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
index 70694a3df2..fcdaa18eee 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -92,194 +92,32 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l
 ### Updated schema elements
 This table includes the elements used by the v.2 version of the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
ElementDescriptionSupported browser
<site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
-
Example
-
-<site-list version="205">
-  <site url="contoso.com">
-    <compat-mode>IE8Enterprise</compat-mode>
-    <open-in>IE11</open-in>
-  </site>
-</site-list>
Internet Explorer 11 and Microsoft Edge
<site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
-
Example
-
-<site url="contoso.com">
-  <compat-mode>default</compat-mode>
-  <open-in>none</open-in>
-</site>

--or-
-
For IPv4 ranges:
<site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

--or-
-
For IPv6 ranges:
<site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

-You can also use the self-closing version, <url="contoso.com" />, which also sets:
-
    
-  
  • <compat-mode>default</compat-mode>
    • 
-  
  • <open-in>none</open-in>
    • 
-
Internet Explorer 11 and Microsoft Edge
<compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
-
Example
-
-<site url="contoso.com">
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>

--or-
-
For IPv4 ranges:
<site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

--or-
-
For IPv6 ranges:
<site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>

-Where:
-
    
-  
  • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
    • 
-  
  • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
    This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
    Important
    This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
    • 
-  
  • IE[x]. Where [x] is the document mode number into which the site loads.
    • 
-  
  • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
    • 
-
Internet Explorer 11
<open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
-
Example
-
-<site url="contoso.com">
-  <open-in>none</open-in>
-</site>

-Where:
-
    
-  
  • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
    • 
-  
  • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
    • 
-  
  • None or not specified. Opens in whatever browser the employee chooses.
    • 
-
Internet Explorer 11 and Microsoft Edge

+
+|Element  |Description |Supported browser  |
+|---------|---------|---------|
+|<site-list>     |A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. 
 **Example** 
 
<site-list version="205">
  <site url="contoso.com">
   <compat-mode>IE8Enterprise</compat-mode>
   <open-in>IE11</open-in>
  </site>
</site-list>
         | Internet Explorer 11 and Microsoft Edge        |
+|<site>    |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. 
 **Example** 
<site url="contoso.com">
  <compat-mode>default</compat-mode>
  <open-in>none</open-in>
</site>
 
 **or** For IPv4 ranges: 
  
<site url="10.122.34.99:8080">
 <compat-mode>IE8Enterprise</compat-mode>
<site>
 
 **or**  For IPv6 ranges:
<site url="[10.122.34.99]:8080">
  <compat-mode>IE8Enterprise</compat-mode>
<site>
 
 You can also use the self-closing version, <url="contoso.com" />, which also sets:
  • <compat-mode>default</compat-mode>
  • <open-in>none</open-in>
    • | Internet Explorer 11 and Microsoft Edge        |
+|<compat-mode>     |A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. 
     **Example** 

    <site url="contoso.com">
      <compat-mode>IE8Enterprise</compat-mode>
    </site>
     **or** 
     For IPv4 ranges:
    <site url="10.122.34.99:8080">
      <compat-mode>IE8Enterprise</compat-mode>
    <site>
     **or** For IPv6 ranges:
    <site url="[10.122.34.99]:8080">
      <compat-mode>IE8Enterprise</compat-mode>
    <site>
     Where
    • **IE8Enterprise.** Loads the site in IE8 Enterprise Mode.
      This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
    • **IE7Enterprise.** Loads the site in IE7 Enterprise Mode.
      This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
      **Important**
      This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
    • **IE[x]**. Where [x] is the document mode number into which the site loads.
    • **Default or not specified.** Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
      •       |Internet Explorer 11         |
+|<open-in>    |A child element that controls what browser is used for sites. This element supports the **Open in IE11** or **Open in Microsoft Edge** experiences, for devices running Windows 10.
       **Examples**
      <site url="contoso.com">
        <open-in>none</open-in> 
      </site>
       
       Where
      • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
      • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
      • None or not specified. Opens in whatever browser the employee chooses.
        •   | Internet Explorer 11 and Microsoft Edge        |
 
 ### Updated schema attributes
 The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        AttributeDescriptionSupported browser
        allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
-
        Example
-
        -<site url="contoso.com/travel">
-  <open-in allow-redirect="true">IE11</open-in>
-</site>
        
-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.        		Internet Explorer 11 and Microsoft Edge
        versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
        urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
-
        Note
        
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.
-
        Example
-
        -<site url="contoso.com:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
        
-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.        		Internet Explorer 11 and Microsoft Edge
        
+|Attribute|Description|Supported browser|
+|---------|---------|---------|
+|allow-redirect|A boolean attribute of the  element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
        **Example**
        <site url="contoso.com/travel">
          <open-in allow-redirect="true">IE11 </open-in>
        </site> 
         In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.| Internet Explorer 11 and Microsoft Edge|
+|version     |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.   | Internet Explorer 11 and Microsoft Edge|
+|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
         **Note**
         Make sure that you don't specify a protocol. Using <site url="contoso.com">  applies to both [https://contoso.com](https://contoso.com) and [https://contoso.com](https://contoso.com). 
         **Example**
        <site url="contoso.com:8080">
           <compat-mode>IE8Enterprise</compat-mode> 
         <open-in>IE11</open-in>
        </site>
        In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
 
 ### Deprecated attributes
 These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        Deprecated attributeNew attributeReplacement example
        <forceCompatView><compat-mode>Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>
        <docMode><compat-mode>Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>
        <doNotTransition><open-in>Replace <doNotTransition="true"> with <open-in>none</open-in>
        <domain> and <path><site>Replace:
-
        -<emie>
-  <domain exclude="false">contoso.com</domain>
-</emie>
        
-With:
-
        -<site url="contoso.com"/>
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
        
--AND-
        
-Replace:
-
        -<emie>
-  <domain exclude="true">contoso.com
-     <path exclude="false" forceCompatView="true">/about</path>
-  </domain>
-</emie>
        
-With:
-
        -<site url="contoso.com/about">
-  <compat-mode>IE7Enterprise</compat-mode>
-</site>
        
+|Deprecated attribute|New attribute|Replacement example|
+|--- |--- |--- |
+|<forceCompatView>|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
+|<docMode>|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
+|<doNotTransition>|<open-in>|Replace:
         <doNotTransition="true"> with <open-in>none</open-in>|
+|<domain> and <path>|<site>|Replace:
        <emie>
         <domain exclude="false">contoso.com</domain>
        </emie>
        With:
        <site url="contoso.com"/> 
          <compat-mode>IE8Enterprise</compat-mode>
        </site>
        **-AND-** 
        Replace:
        <emie> 
          <domain exclude="true">contoso.com 
         <path exclude="false" forceCompatView="true">/about</path>
         </domain>
        </emie>

         With:
        <site url="contoso.com/about">
         <compat-mode>IE7Enterprise</compat-mode>
        </site>|
 
 While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 65fbb8eaaf..8cef068687 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -63,17 +63,17 @@ Data is collected on the configuration characteristics of IE and the sites it br
 
 |Data point              |IE11 |IE10 |IE9  |IE8  |Description                                                             |
 |------------------------|-----|-----|-----|-----|------------------------------------------------------------------------|
-|URL                     |  X  |  X  |  X  |  X  |URL of the browsed site, including any parameters included in the URL.  |
-|Domain                  |  X  |  X  |  X  |  X  |Top-level domain of the browsed site.                                   |
-|ActiveX GUID            |  X  |  X  |  X  |  X  |GUID of the ActiveX controls loaded by the site.                        |
-|Document mode           |  X  |  X  |  X  |  X  |Document mode used by IE for a site, based on page characteristics.     |
-|Document mode reason    |  X  |  X  |     |     |The reason why a document mode was set by IE.                           |
-|Browser state reason    |  X  |  X  |     |     |Additional information about why the browser is in its current state. Also called, browser mode.           |
-|Hang count              |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser hung.                      |
-|Crash count             |  X  |  X  |  X  |  X  |Number of visits to the URL when the browser crashed.                   |
-|Most recent navigation failure (and count) |  X  |  X  |  X  |  X  |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.  |
-|Number of visits        |  X  |  X  |  X  |  X  |Number of times a site has been visited.                                |
-|Zone                    |  X  |  X  |  X  |  X  |Zone used by IE to browse sites, based on browser settings.             |
+|URL                     |  ✔️  |  ✔️  |  ✔️  |  ✔️  |URL of the browsed site, including any parameters included in the URL.  |
+|Domain                  |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Top-level domain of the browsed site.                                   |
+|ActiveX GUID            |  ✔️  |  ✔️  |  ✔️  |  ✔️  |GUID of the ActiveX controls loaded by the site.                        |
+|Document mode           |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Document mode used by IE for a site, based on page characteristics.     |
+|Document mode reason    |  ✔️  |  ✔️  |     |     |The reason why a document mode was set by IE.                           |
+|Browser state reason    |  ✔️  |  ✔️  |     |     |Additional information about why the browser is in its current state. Also called, browser mode.           |
+|Hang count              |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of visits to the URL when the browser hung.                      |
+|Crash count             |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of visits to the URL when the browser crashed.                   |
+|Most recent navigation failure (and count) |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.  |
+|Number of visits        |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Number of times a site has been visited.                                |
+|Zone                    |  ✔️  |  ✔️  |  ✔️  |  ✔️  |Zone used by IE to browse sites, based on browser settings.             |
 
 
 >**Important**
        By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
@@ -205,68 +205,32 @@ You can use Group Policy to finish setting up Enterprise Site Discovery. If you
 You can use both the WMI and XML settings individually or together:
 
 **To turn off Enterprise Site Discovery**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOff
        Turn on Site Discovery XML outputBlank
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|Off|
+|Turn on Site Discovery XML output|Blank|
 
 **Turn on WMI recording only**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOn
        Turn on Site Discovery XML outputBlank
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|On|
+|Turn on Site Discovery XML output|Blank|
 
 **To turn on XML recording only**
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOff
        Turn on Site Discovery XML outputXML file path
        
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|Off|
+|Turn on Site Discovery XML output|XML file path|
  
-To turn on both WMI and XML recording
-
-    
-        
-        
-    
-    
-        
-        
-    
-        
-        
-        
-    
-
        Setting nameOption
        Turn on Site Discovery WMI outputOn
        Turn on Site Discovery XML outputXML file path
        
+**To turn on both WMI and XML recording**
+
+|Setting name|Option|
+|--- |--- |
+|Turn on Site Discovery WMI output|On|
+|Turn on Site Discovery XML output|XML file path|
 
 ## Use Configuration Manager to collect your data
 After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 6832c2797b..8ee8fbf055 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -65,162 +65,24 @@ The following is an example of the Enterprise Mode schema v.1. This schema can r
 ### Schema elements
 This table includes the elements used by the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        ElementDescriptionSupported browser
        <rules>Root node for the schema.
-
        Example
-
        -<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
        		Internet Explorer 11 and Microsoft Edge
        <emie>The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
-
        Example
-
        -<rules version="205">
-  <emie>
-    <domain>contoso.com</domain>
-  </emie>
-</rules>
        
--or-
-
        For IPv6 ranges:
        <rules version="205">
-  <emie>
-    <domain>[10.122.34.99]:8080</domain>
-  </emie>
-  </rules>
        
--or-
-
        For IPv4 ranges:
        <rules version="205">
-  <emie>
-    <domain>10.122.34.99:8080</domain>
-  </emie>
-  </rules>
        		Internet Explorer 11 and Microsoft Edge
        <docMode>The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
-
        Example
-
        -<rules version="205">
-  <docMode>
-    <domain docMode="7">contoso.com</domain>
-  </docMode>
-</rules>
        		Internet Explorer 11
        <domain>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element.
-
        Example
-
        -<emie>
-  <domain>contoso.com:8080</domain>
-</emie>
        		Internet Explorer 11 and Microsoft Edge
        <path>A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
-
        Example
-
        -<emie>
-  <domain exclude="true">fabrikam.com
-    <path exclude="false">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
        		Internet Explorer 11 and Microsoft Edge
        
+|Element |Description  |Supported browser  |
+|---------|---------|---------|
+|<rules>   | Root node for the schema.
        **Example** 
        <rules version="205"> 
          <emie> 
           <domain>contoso.com</domain> 
          </emie>
         </rules> |Internet Explorer 11 and Microsoft Edge         |
+|<emie>     |The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied. 
         **Example** 
        <rules version="205"> 
         <emie> 
           <domain>contoso.com</domain> 
         </emie>
        </rules>  
         
         **or** 
         For IPv6 ranges: 

        <rules version="205"> 
         <emie> 
          <domain>[10.122.34.99]:8080</domain> 
         </emie>
        </rules> 
         
         **or**
         For IPv4 ranges:
        <rules version="205"> 
         <emie> 
          <domain>[10.122.34.99]:8080</domain> 
         </emie>
        </rules> | Internet Explorer 11 and Microsoft Edge       |
+|<docMode>     |The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the docMode section that uses the same value as a <domain> element in the emie section, the emie element is applied.  
         **Example** 
         
        <rules version="205"> 
         <docmode> 
           <domain docMode="7">contoso.com</domain> 
         </docmode>
        </rules>     |Internet Explorer 11         |
+|<domain>     |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <domain> element will overrule any additional <domain> elements that use the same value for the section. You can use port numbers for this element. 
         **Example** 
         
        <emie> 
         <domain>contoso.com:8080</domain>
        </emie>       |Internet Explorer 11 and Microsoft Edge         |
+|<path>    |A unique entry added for each path under a domain you want to put on the Enterprise Mode site list. The <path> element is a child of the <domain> element. Additionally, the first <path> element will overrule any additional <path> elements in the schema section.
         **Example**  
         
        <emie> 
         <domain exclude="true">fabrikam.com 
           <path exclude="false">/products</path>
         </domain>
        </emie>
         
         Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.   |Internet Explorer 11 and Microsoft Edge         |
 
 ### Schema attributes
 This table includes the attributes used by the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        AttributeDescriptionSupported browser
        versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.Internet Explorer 11 and Microsoft Edge
        excludeSpecifies the domain or path excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain exclude="false">fabrikam.com
-    <path exclude="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not.
        		Internet Explorer 11
        docModeSpecifies the document mode to apply. This attribute is only supported on <domain> or <path> elements in the <docMode> section.
-
        
-
        Example:
        
-
        -<docMode>
-  <domain>fabrikam.com
-    <path docMode="9">/products</path>
-  </domain>
-</docMode>
        
-Where https://fabrikam.com loads in IE11 document mode, but https://fabrikam.com/products uses IE9 document mode.
        		Internet Explorer 11
        doNotTransitionSpecifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain doNotTransition="false">fabrikam.com
-    <path doNotTransition="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com opens in the IE11 browser, but https://fabrikam.com/products loads in the current browser (eg. Microsoft Edge).
        		Internet Explorer 11 and Microsoft Edge
        forceCompatViewSpecifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false.
-
        
-
        Example:
        
-
        -<emie>
-  <domain exclude="true">fabrikam.com
-    <path forceCompatView="true">/products</path>
-  </domain>
-</emie>
        
-Where https://fabrikam.com does not use Enterprise Mode, but https://fabrikam.com/products uses IE7 Enterprise Mode.
        		Internet Explorer 11
        
+|Attribute|Description|Supported browser|
+|--- |--- |--- |
+|version|Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.|Internet Explorer 11 and Microsoft Edge|
+|exclude|Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements.
         **Example** 
        <emie>
          <domain exclude="false">fabrikam.com 
            <path exclude="true">/products</path>
          </domain>
        </emie> 
         Where [https://fabrikam.com](https://fabrikam.com) doesn't use IE8 Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) does.|Internet Explorer 11 and Microsoft Edge|
+|docMode|Specifies the document mode to apply. This attribute is only supported on <domain> or <path>elements in the <docMode> section.
         **Example**
        <docMode> 
          <domain exclude="false">fabrikam.com 
            <path docMode="9">/products</path>
          </domain>
        </docMode>|Internet Explorer 11|
+|doNotTransition| Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all <domain> or <path> elements. If this attribute is absent, it defaults to false.
         **Example**
        <emie>
         <domain doNotTransition="false">fabrikam.com 
           <path doNotTransition="true">/products</path>
         </domain>
        </emie>
        Where [https://fabrikam.com](https://fabrikam.com) opens in the IE11 browser, but [https://fabrikam.com/products](https://fabrikam.com/products) loads in the current browser (eg. Microsoft Edge)|Internet Explorer 11 and Microsoft Edge|
+|forceCompatView|Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on <domain> or <path> elements in the <emie> section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude="true"), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false. 
         **Example**
        <emie>
         <domain exclude="true">fabrikam.com 
           <path forcecompatview="true">/products</path>
         </domain>
        </emie>
        Where [https://fabrikam.com](https://fabrikam.com) does not use Enterprise Mode, but [https://fabrikam.com/products](https://fabrikam.com/products) uses IE7 Enterprise Mode.|Internet Explorer 11|
 
 ### Using Enterprise Mode and document mode together
 If you want to use both Enterprise Mode and document mode together, you need to be aware that  <emie> entries override <docMode> entries for the same domain. 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 299c6c093f..825646b237 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -97,197 +97,31 @@ The following is an example of the v.2 version of the Enterprise Mode schema.
 ### Updated schema elements
 This table includes the elements used by the v.2 version of the Enterprise Mode schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
        ElementDescriptionSupported browser
        <site-list>A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
-
        Example
-
        -<site-list version="205">
-  <site url="contoso.com">
-    <compat-mode>IE8Enterprise</compat-mode>
-    <open-in>IE11</open-in>
-  </site>
-</site-list>
        		Internet Explorer 11 and Microsoft Edge
        <site>A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
-
        Example
-
        -<site url="contoso.com">
-  <compat-mode>default</compat-mode>
-  <open-in>none</open-in>
-</site>
        
--or-
-
        For IPv4 ranges:
        <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
--or-
-
        For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
-You can also use the self-closing version, <url="contoso.com" />, which also sets:
-
          
-  
        • <compat-mode>default</compat-mode>
          • 
-  
        • <open-in>none</open-in>
          • 
-
        		Internet Explorer 11 and Microsoft Edge
        <compat-mode>A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
-
        Example
-
        -<site url="contoso.com">
-  <compat-mode>IE8Enterprise</compat-mode>
-</site>
        
--or-
-
        For IPv4 ranges:
        <site url="10.122.34.99:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
--or-
-
        For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-<site>
        
-Where:
-
          
-  
        • IE8Enterprise. Loads the site in IE8 Enterprise Mode.
          This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
          • 
-  
        • IE7Enterprise. Loads the site in IE7 Enterprise Mode.
          This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
          Important
          This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
          • 
-  
        • IE[x]. Where [x] is the document mode number into which the site loads.
          • 
-  
        • Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
          • 
-
        		Internet Explorer 11
        <open-in>A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
-
        Example
-
        -<site url="contoso.com">
-  <open-in>none</open-in>
-</site>
        
-Where:
-
          
-  
        • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
          • 
-  
        • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
          • 
-  
        • None or not specified. Opens in whatever browser the employee chooses.
          • 
-
        		Internet Explorer 11 and Microsoft Edge
        
+|Element  |Description |Supported browser  |
+|---------|---------|---------|
+|<site-list>     |A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>. 
         **Example** 
         
        <site-list version="205">
          <site url="contoso.com">
           <compat-mode>IE8Enterprise</compat-mode>
           <open-in>IE11</open-in>
          </site>
        </site-list>
                 | Internet Explorer 11 and Microsoft Edge        |
+|<site>    |A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element. 
         **Example** 
        <site url="contoso.com">
          <compat-mode>default</compat-mode>
          <open-in>none</open-in>
        </site>
         
         **or** For IPv4 ranges: 
          
        <site url="10.122.34.99:8080">
         <compat-mode>IE8Enterprise</compat-mode>
        <site>
         
         **or**  For IPv6 ranges:
        <site url="[10.122.34.99]:8080">
          <compat-mode>IE8Enterprise</compat-mode>
        <site>
         
         You can also use the self-closing version, <url="contoso.com" />, which also sets:
        • <compat-mode>default</compat-mode>
        • <open-in>none</open-in>
          • | Internet Explorer 11 and Microsoft Edge        |
+|<compat-mode>     |A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11. 
           **Example** 

          <site url="contoso.com">
            <compat-mode>IE8Enterprise</compat-mode>
          </site>
           **or** 
           For IPv4 ranges:
          <site url="10.122.34.99:8080">
            <compat-mode>IE8Enterprise</compat-mode>
          <site>
           **or** For IPv6 ranges:
          <site url="[10.122.34.99]:8080">
            <compat-mode>IE8Enterprise</compat-mode>
          <site>
           Where
          • **IE8Enterprise.** Loads the site in IE8 Enterprise Mode.
            This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
          • **IE7Enterprise.** Loads the site in IE7 Enterprise Mode.
            This element is required for sites included in the **EmIE** section of the v.1 schema and is needed to load in IE7 Enterprise Mode
            **Important**
            This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
          • **IE[x]**. Where [x] is the document mode number into which the site loads.
          • **Default or not specified.** Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
            •       |Internet Explorer 11         |
+|<open-in>    |A child element that controls what browser is used for sites. This element supports the **Open in IE11** or **Open in Microsoft Edge** experiences, for devices running Windows 10.
             **Examples**
            <site url="contoso.com">
              <open-in>none</open-in> 
            </site>
             
             Where
            • IE11. Opens the site in IE11, regardless of which browser is opened by the employee.
            • MSEdge. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
            • None or not specified. Opens in whatever browser the employee chooses.
              •   | Internet Explorer 11 and Microsoft Edge        |
 
 ### Updated schema attributes
 The <url> attribute, as part of the <site> element in the v.2 version of the schema, replaces the <domain> element from the v.1 version of the schema.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              AttributeDescriptionSupported browser
              allow-redirectA boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
-
              Example
-
              -<site url="contoso.com/travel">
-  <open-in allow-redirect="true">IE11</open-in>
-</site>
              
-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.              		Internet Explorer 11 and Microsoft Edge
              versionSpecifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.Internet Explorer 11 and Microsoft Edge
              urlSpecifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
-
              Note
              
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com.
-
              Example
-
              -<site url="contoso.com:8080">
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
-In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.              		Internet Explorer 11 and Microsoft Edge
              
+|Attribute|Description|Supported browser|
+|---------|---------|---------|
+|allow-redirect|A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
              **Example**
              <site url="contoso.com/travel">
                <open-in allow-redirect="true">IE11 </open-in>
              </site>
               In this example, if [https://contoso.com/travel](https://contoso.com/travel) is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. 
            • | Internet Explorer 11 and Microsoft Edge|
+|version     |Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element.   | Internet Explorer 11 and Microsoft Edge|
+|url|Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
               **Note**
               Make sure that you don't specify a protocol. Using <site url="contoso.com">  applies to both [https://contoso.com](https://contoso.com) and [https://contoso.com](https://contoso.com). 
               **Example**
              <site url="contoso.com:8080">
                 <compat-mode>IE8Enterprise</compat-mode> 
               <open-in>IE11</open-in>
              </site>
              In this example, going to [https://contoso.com:8080](https://contoso.com:8080) using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. | Internet Explorer 11 and Microsoft Edge|
 
 ### Deprecated attributes
 These v.1 version schema attributes have been deprecated in the v.2 version of the schema:
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              Deprecated element/attributeNew elementReplacement example
              forceCompatView<compat-mode>Replace forceCompatView="true" with <compat-mode>IE7Enterprise</compat-mode>
              docMode<compat-mode>Replace docMode="IE5" with <compat-mode>IE5</compat-mode>
              doNotTransition<open-in>Replace doNotTransition="true" with <open-in>none</open-in>
              <domain> and <path><site>Replace:
-
              -<emie>
-  <domain>contoso.com</domain>
-</emie>
              
-With:
-
              -<site url="contoso.com"/>
-  <compat-mode>IE8Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
--AND-
              
-Replace:
-
              -<emie>
-  <domain exclude="true" doNotTransition="true">
-    contoso.com
-    <path forceCompatView="true">/about</path>
-  </domain>
-</emie>
              
-With:
-
              -<site url="contoso.com/about">
-  <compat-mode>IE7Enterprise</compat-mode>
-  <open-in>IE11</open-in>
-</site>
              
+|Deprecated attribute|New attribute|Replacement example|
+|--- |--- |--- |
+|forceCompatView|<compat-mode>|Replace <forceCompatView="true"> with <compat-mode>IE7Enterprise</compat-mode>|
+|docMode|<compat-mode>|Replace <docMode="IE5"> with <compat-mode>IE5</compat-mode>|
+|doNotTransition|<open-in>|Replace:
               <doNotTransition="true"> with <open-in>none</open-in>|
+|<domain> and <path>|<site>|Replace:
              <emie>
               <domain>contoso.com</domain>
              </emie>
              With:
              <site url="contoso.com"/> 
                <compat-mode>IE8Enterprise</compat-mode>
                <open-in>IE11</open-in>
              </site>
              **-AND-** 
              Replace:
              <emie> 
                <domain exclude="true"  donotTransition="true">contoso.com 
               <path forceCompatView="true">/about</path>
               </domain>
              </emie>

               With:
              <site url="contoso.com/about">
               <compat-mode>IE7Enterprise</compat-mode>
               <open-in>IE11</open-in>
              </site>|
 
 While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
 
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 226a90d32e..227cfc8a46 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,6 +2,18 @@
 

 
 
+## Week of November 15, 2021
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 11/16/2021 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 11/16/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
+| 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+
+
 ## Week of October 25, 2021
 
 
diff --git a/education/itadmins.yml b/education/itadmins.yml
index 849c8bb478..2847e59b71 100644
--- a/education/itadmins.yml
+++ b/education/itadmins.yml
@@ -79,7 +79,7 @@ productDirectory:
         - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423
           text: Azure information protection deployment acceleration guide
         - url: /cloud-app-security/getting-started-with-cloud-app-security
-          text: Microsoft Cloud app security
+          text: Microsoft Defender for Cloud Apps
         - url: /microsoft-365/compliance/create-test-tune-dlp-policy
           text: Office 365 data loss prevention
         - url: /microsoft-365/compliance/
@@ -117,4 +117,4 @@ productDirectory:
         - url: https://support.office.com/en-us/education
           text: Education help center
         - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921
-          text: Teacher training packs
\ No newline at end of file
+          text: Teacher training packs
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 2fb2324ddc..66569c4674 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -126,96 +126,23 @@ Table 2 lists the settings in the Device Management node in the Google Admin Con
 
 Table 2. Settings in the Device Management node in the Google Admin Console
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
              



              SectionSettings
              Network
              These settings configure the network connections for Chromebook devices and include the following settings categories:
              
-
                
-
              • Wi-Fi. Configures the Wi-Fi connections that are available. The Windows devices will need these configuration settings to connect to the same Wi-Fi networks.
                • 
-
              • Ethernet. Configures authentication for secured, wired Ethernet connections (802.1x). The Windows devices will need these configuration settings to connect to the network.
                • 
-
              • VPN. Specifies the VPN network connections used by devices when not directly connected to your intranet. The Windows devices will need the same VPN network connections for users to remotely connect to your intranet.
                • 
-
              • Certificates. Contains the certificates used for network authentication. The Windows devices will need these certificates to connect to the network.
                • 
-
              Mobile
              These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
              
-
                
-
              • Device management settings. Configures settings for mobile (companion) devices, such as device synchronization, password settings, auditing, enable remote wipe, and other settings. Record these settings so that you can ensure the same settings are applied when the devices are being managed by Microsoft Intune or another mobile device management (MDM) provider.
                • 
-
              • Device activation. Contains a list of mobile (companion) devices that need to be approved for management by using the Google Admin Console. Approve or block any devices in this list so that the list of managed devices accurately reflects active managed devices.
                • 
-
              • Managed devices. Performs management tasks on mobile (companion) devices that are managed by the Google Admin Console. Record the list of companion devices on this page so that you can ensure the same devices are managed by Intune or another MDM provider.
                • 
-
              • Set Up Apple Push Certificate. Configures the certificate that is essentially the digital signature that lets the Google Admin Console manage iOS devices. You will need this certificate if you plan to manage iOS devices by using Intune or another MDM provider.
                • 
-
              • Set Up Android for Work. Authorizes the Google Admin Console to be the MDM provider for Android devices by providing an Enterprise Mobility Management (EMM) token. You will need this token if you plan to manage Android devices by using another MDM provider.
                • 
-
              Chrome management
              These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
              
-
                
-
              • User settings. Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                • 
-
              • Public session settings. Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.
                • 
-
              • Device settings. Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                • 
-
              • Devices. Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you will need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you will need to manage your Windows devices.
                • 
-
              • App Management. Provides configuration settings for Chrome apps. Record the settings for any apps that you have identified that will run on Windows devices.
                • 
-
              
-
- 
+|Section  |Settings  |
+|---------|---------|
+|Network     | 
              These settings configure the network connections for Chromebook devices and include the following settings categories:
              •  **Wi-Fi.** Configures the Wi-Fi connections that are available. The Windows devices will need these configuration settings to connect to the same Wi-Fi networks.
                •  
              • **Ethernet.** Configures authentication for secured, wired Ethernet connections (802.1x). The Windows devices will need these configuration settings to connect to the network.
              • **VPN.** Specifies the VPN network connections used by devices when not directly connected to your intranet. The Windows devices will need the same VPN network connections for users to remotely connect to your intranet.
              • **Certificates.** Contains the certificates used for network authentication. The Windows devices will need these certificates to connect to the network.
                        |
+|Mobile     |These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
                   
                • **Device management settings.** Configures settings for mobile (companion) devices, such as device synchronization, password settings, auditing, enable remote wipe, and other settings. Record these settings so that you can ensure the same settings are applied when the devices are being managed by Microsoft Intune or another mobile device management (MDM) provider.
                • **Device activation.** Contains a list of mobile (companion) devices that need to be approved for management by using the Google Admin Console. Approve or block any devices in this list so that the list of managed devices accurately reflects active managed devices.
                • **Managed devices.** Performs management tasks on mobile (companion) devices that are managed by the Google Admin Console. Record the list of companion devices on this page so that you can ensure the same devices are managed by Intune or another MDM provider.
                •  **Set Up Apple Push Certificate.** Configures the certificate that is essentially the digital signature that lets the Google Admin Console manage iOS devices. You will need this certificate if you plan to manage iOS devices by using Intune or another MDM provider. 
                • **Set Up Android for Work.** Authorizes the Google Admin Console to be the MDM provider for Android devices by providing an Enterprise Mobility Management (EMM) token. You will need this token if you plan to manage Android devices by using another MDM provider.        |
+|Chrome management    |These settings configure and manage companion devices (such as smartphones or tablets) that are used in conjunction with the Chromebook devices and include the following settings categories:
                     
                  • **User settings.** Configures user-based settings for the Chrome browser and Chromebook devices. Most of these Chromebook user-based settings can be mapped to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                  • **Public session settings.** Configures Public Sessions for Chrome devices that are used as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in with their credentials. You can configure Windows devices similarly by using Assigned Access. Record the settings and apps that are available in Public Sessions so that you can provide similar configuration in Assigned Access.
                  •  **Device settings.** Configures device-based settings for the Chrome browser and Chromebook devices. You can map most of these Chromebook device-based settings to a corresponding setting in Windows. Record the settings and then map them to settings in Group Policy or Intune.
                  • **Devices.** Manages Chrome device management licenses. The number of licenses recorded here should correspond to the number of licenses you will need for your new management system, such as Intune. Record the number of licenses and use those to determine how many licenses you will need to manage your Windows devices 
                  • **App Management.** Provides configuration settings for Chrome apps. Record the settings for any apps that you have identified that will run on Windows devices.      |
 
 Table 3 lists the settings in the Security node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
 
 Table 3. Settings in the Security node in the Google Admin Console
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    SectionSettings
                    Basic settings
                    These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA.
                    
-
                    Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment.
                    Password monitoring
                    This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.
                    API reference
                    This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.
                    Set up single sign-on (SSO)
                    This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.
                    Advanced settings
                    This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.
                    
-
- 
+|Section|Settings|
+|--- |--- |
+|Basic settings|These settings configure password management and whether or not two-factor authentication (2FA) is configured. You can set the minimum password length, the maximum password length, if non-admin users can recover their own passwords, and enable 2FA.
                     Record these settings and use them to help configure your on-premises Active Directory or Azure Active Directory (Azure AD) to mirror the current behavior of your Chromebook environment.|
+|Password monitoring|This section is used to monitor the strength of user passwords. You don’t need to migrate any settings in this section.|
+|API reference|This section is used to enable access to various Google Apps Administrative APIs. You don’t need to migrate any settings in this section.|
+|Set up single sign-on (SSO)|This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.|
+|Advanced settings|This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.|
 
 **Identify locally-configured settings to migrate**
 
@@ -428,62 +355,14 @@ Table 5 is a decision matrix that helps you decide if you can use only on-premis
 
 Table 5. Select on-premises AD DS, Azure AD, or hybrid
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    If you plan to...On-premises AD DSAzure ADHybrid
                    Use Office 365XX
                    Use Intune for managementXX
                    Use Microsoft Endpoint Manager for managementXX
                    Use Group Policy for managementXX
                    Have devices that are domain-joinedXX
                    Allow faculty and students to Bring Your Own Device (BYOD) which are not domain-joinedXX
                    
-
- 
+|If you plan to...|On-premises AD DS|Azure AD|Hybrid|
+|--- |--- |--- |--- |
+|Use Office 365||✔️|✔️|
+|Use Intune for management||✔️|✔️|
+|Use Microsoft Endpoint Manager for management|✔️||✔️|
+|Use Group Policy for management|✔️||✔️|
+|Have devices that are domain-joined|✔️||✔️|
+|Allow faculty and students to Bring Your Own Device (BYOD) which are not domain-joined||✔️|✔️|
 
 ### 
 
@@ -497,113 +376,17 @@ Table 6 is a decision matrix that lists the device, user, and app management pro
 
 Table 6. Device, user, and app management products and technologies
 
-
---------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    








                    Desired featureWindows provisioning packagesGroup PolicyConfiguration ManagerIntuneMDTWindows Software Update Services
                    Deploy operating system imagesXXX
                    Deploy apps during operating system deploymentXXX
                    Deploy apps after operating system deploymentXXX
                    Deploy software updates during operating system deploymentXX
                    Deploy software updates after operating system deploymentXXXXX
                    Support devices that are domain-joinedXXXXX
                    Support devices that are not domain-joinedXXX
                    Use on-premises resourcesXXXX
                    Use cloud-based servicesX
                    
-
- 
+|Desired feature|Windows provisioning packages|Group Policy|Configuration Manager|Intune|MDT|Windows Software Update Services|
+|--- |--- |--- |--- |--- |--- |--- |
+|Deploy operating system images|✔️||✔️||✔️||
+|Deploy apps during operating system deployment|✔️||✔️||✔️||
+|Deploy apps after operating system deployment|✔️|✔️|✔️||||
+|Deploy software updates during operating system deployment|||✔️||✔️||
+|Deploy software updates after operating system deployment|✔️|✔️|✔️|✔️||✔️|
+|Support devices that are domain-joined|✔️|✔️|✔️|✔️|✔️||
+|Support devices that are not domain-joined|✔️|||✔️|✔️||
+|Use on-premises resources|✔️|✔️|✔️||✔️||
+|Use cloud-based services||||✔️|||
 
 You can use Configuration Manager and Intune in conjunction with each other to provide features from both products and technologies. In some instances you may need only one of these products or technologies. In other instances, you may need two or more to meet the device, user, and app management needs for your institution.
 
@@ -665,35 +448,10 @@ It is important that you perform any network infrastructure remediation first be
 
 Table 7. Network infrastructure products and technologies and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Product or technologyResources
                    DHCP
                    DNS
                    
-
+|Product or technology|Resources|
+|--- |--- |
+|DHCP|
                  •  [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  •  [DHCP Deployment Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd283051(v=ws.10))|
+|DNS|
                  • [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  • [Deploying Domain Name System (DNS)](/previous-versions/windows/it-pro/windows-server-2003/cc780661(v=ws.10))|
  
 
 If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section.
@@ -707,37 +465,10 @@ In the [Plan for Active Directory services](#plan-adservices) section, you deter
 
 Table 8. AD DS, Azure AD and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Product or technologyResources
                    AD DS
                    Azure AD
                    
-
- 
+|Product or technology|Resources|
+|--- |--- |
+|AD DS| 
                  •  [Core Network Guide](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh911995(v=ws.11)) 
                  • [Active Directory Domain Services Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831484(v=ws.11))|
+|Azure AD| 
                  •  [Azure Active Directory documentation](/azure/active-directory/) 
                  • [Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259) 
                  • [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100)|
 
 If you decided not to migrate to AD DS or Azure AD as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
@@ -750,59 +481,13 @@ Table 9 lists the Microsoft management systems and the deployment resources for
 
 Table 9. Management systems and deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Management systemResources
                    Windows provisioning packages
                    Group Policy
                    Configuration Manager
                    Intune
                    MDT
                    
-
- 
+|Management system|Resources|
+|--- |--- |
+|Windows provisioning packages| 
                  •  [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) 
                  • [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) 
                  •  [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
+|Group Policy|
                  •  [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11)) 
                  •  [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
+|Configuration Manager| 
                  •  [Site Administration for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10)) 
                  •  [Deploying Clients for System Center 2012 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
+|Intune| 
                  •  [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262) 
                  •  [Smoother Management Of Office 365 Deployments with Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690263) 
                  •  [System Center 2012 R2 Configuration Manager &amp; Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
+|MDT| 
                  • [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324) 
                  •  [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
 
 If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
@@ -815,44 +500,11 @@ In this step, you need to configure your management system to deploy the apps to
 
 Table 10. Management systems and app deployment resources
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Management systemResources
                    Group Policy
                    Configuration Manager
                    Intune
                    
-
- 
+|Management system|Resources|
+|--- |--- |
+|Group Policy| 
                  •  [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) 
                  •  [Group Policy Software Deployment Background](/previous-versions/windows/it-pro/windows-server-2003/cc739305(v=ws.10)) 
                  •  [Assigning and Publishing Software](/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10))|
+|Configuration Manager| 
                  •  [How to Deploy Applications in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682082(v=technet.10)) 
                  •  [Application Management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699373(v=technet.10))|
+|Intune| 
                  •  [Deploy apps to mobile devices in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733913) 
                  •  [Manage apps with Microsoft Intune](/mem/intune/)|
 
 If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
 
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index 09c8ad86fe..2c43aa28c6 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -83,7 +83,7 @@ This district configuration has the following characteristics:
 
 * If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](/azure/active-directory/hybrid/whatis-hybrid-identity).
 
-* Use [Intune](/intune/), [Mobile Device Management for Office 365](https://support.office.com/en-us/article/Set-up-Mobile-Device-Management-MDM-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy in AD DS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)) to manage devices.
+* Use [Intune](/intune/), [Mobile Device Management for Office 365](/microsoft-365/admin/basic-mobility-security/set-up), or [Group Policy in AD DS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725828(v=ws.10)) to manage devices.
 
 * Each device supports a one-student-per-device or multiple-students-per-device scenario.
 
@@ -128,7 +128,7 @@ Office 365 Education allows:
 
 * Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
 
-For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://products.office.com/en-us/academic).
+For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
 
 ### How to configure a district
 
@@ -225,80 +225,10 @@ Use the cloud-centric scenario and on-premises and cloud scenario as a guide for
 
 To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription
                    MDT
                    MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.

                    
-Select this method when you:
                    
-
                      
-
                    • Want to deploy Windows 10 to institution-owned and personal devices. (Devices need not be domain joined.)
                      • 
-
                    • Don’t have an existing AD DS infrastructure.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage device drivers during initial deployment.
                      • 
-
                    • You can deploy Windows desktop apps (during initial deployment)
                      • 
-
                    • It doesn’t require an AD DS infrastructure.
                      • 
-
                    • It doesn’t have additional infrastructure requirements.
                      • 
-
                    • MDT doesn’t incur additional cost: it’s a free tool.
                      • 
-
                    • You can deploy Windows 10 operating systems to institution-owned and personal devices.
                      • 
-
                    
-
-
                    The disadvantages of this method are that it:
                    
-
-
                      
-
                    • Can’t manage applications throughout entire application life cycle (by itself).
                      • 
-
                    • Can’t manage software updates for Windows 10 and apps (by itself).
                      • 
-
                    • Doesn’t provide antivirus and malware protection (by itself).
                      • 
-
                    • Has limited scaling to large numbers of users and devices.
                      • 
-
                    
-
-
                    Microsoft Endpoint Configuration Manager
                    Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle. You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection.

                    
-Select this method when you:
                    
-
                      
-
                    • Want to deploy Windows 10 to institution-owned devices that are domain joined (personal devices are typically not domain joined).
                      • 
-
                    • Have an existing AD DS infrastructure (or plan to deploy an AD DS infrastructure).
                      • 
-
                    • Typically deploy Windows 10 to on-premises devices.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage (deploy) Windows desktop and Microsoft Store apps throughout entire application life cycle.
                      • 
-
                    • You can manage software updates for Windows 10 and apps.
                      • 
-
                    • You can manage antivirus and malware protection.
                      • 
-
                    • It scales to large number of users and devices.
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Microsoft Endpoint Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Can deploy Windows 10 only to domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    
-
                    
+|Method|Description|
+|--- |--- |
+|MDT|MDT is an on-premises solution that supports initial operating system deployment and upgrade. You can use MDT to deploy and upgrade Windows 10. In addition, you can initially deploy Windows desktop and Microsoft Store apps and software updates.
                     Select this method when you: 
                  •  Want to deploy Windows 10 to institution-owned and personal devices. (Devices need not be domain joined.) 
                  •  Don’t have an existing AD DS infrastructure. 
                  •  Need to manage devices regardless of where they are (on or off premises). 
                    The advantages of this method are that: 
                     
                  •  You can deploy Windows 10 operating systems 
                  •  You can manage device drivers during initial deployment. 
                  • You can deploy Windows desktop apps (during initial deployment)
                  •  It doesn’t require an AD DS infrastructure.
                  • It doesn’t have additional infrastructure requirements.
                  • MDT doesn’t incur additional cost: it’s a free tool.
                  • You can deploy Windows 10 operating systems to institution-owned and personal devices. 
                     The disadvantages of this method are that it:
                     
                  • Can’t manage applications throughout entire application life cycle (by itself).
                  • Can’t manage software updates for Windows 10 and apps (by itself).
                  • Doesn’t provide antivirus and malware protection (by itself).
                  • Has limited scaling to large numbers of users and devices.|
+|Microsoft Endpoint Configuration Manager|
                  •  Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle 
                  • You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection. 
                     Select this method when you: 
                  •  Want to deploy Windows 10 to institution-owned devices that are domain joined (personal devices are typically not domain joined). 
                  • Have an existing AD DS infrastructure (or plan to deploy an AD DS infrastructure). 
                  • Typically deploy Windows 10 to on-premises devices. 
                     The advantages of this method are that: 
                  • You can deploy Windows 10 operating systems.
                  • You can manage (deploy) Windows desktop and Microsoft Store apps throughout entire application life cycle.
                  • You can manage software updates for Windows 10 and apps.
                  • You can manage antivirus and malware protection.
                  • It scales to large number of users and devices. 
                    The disadvantages of this method are that it:
                  • Carries an additional cost for Microsoft Endpoint Manager server licenses (if the institution does not have Configuration Manager already).
                  • Can deploy Windows 10 only to domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution does not have AD DS already).|
 
 *Table 2. Deployment methods*
 
@@ -317,81 +247,10 @@ If you have only one device to configure, manually configuring that one device i
 
 For a district, there are many ways to manage the configuration setting for users and devices. Table 4 lists the methods that this guide describes and recommends. Use this information to determine which combination of configuration setting management methods is right for your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription
                    Group Policy
                    Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows.

                    
-Select this method when you:
                    
-
-
                      
-
                    • Want to manage institution-owned devices that are domain joined (personal devices are typically not domain joined).
                      • 
-
                    • Want more granular control of device and user settings.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Typically manage on-premises devices.
                      • 
-
                    • Can manage a required setting only by using Group Policy.
                      • 
-
                    
-
-
                    The advantages of this method include:
                    
-
                      
-
                    • No cost beyond the AD DS infrastructure.
                      • 
-
                    • A larger number of settings (compared to Intune).
                      • 
-
                    
-
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Can only manage domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    • Typically manages on-premises devices (unless devices use a virtual private network [VPN] or Microsoft DirectAccess to connect).
                      • 
-
                    • Has rudimentary app management capabilities.
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    Intune
                    Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.

                    
-Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.

                    
-Select this method when you:
                    
-
-
                      
-
                    • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                      • 
-
                    • Don’t need granular control over device and user settings (compared to Group Policy).
                      • 
-
                    • Don’t have an existing AD DS infrastructure.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    • Can manage a required setting only by using Intune.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can manage institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It doesn’t require any on-premises infrastructure.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Doesn’t offer granular control over device and user settings (compared to Group Policy).
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    
+|Method|Description|
+|--- |--- |
+|Group Policy|Group Policy is an integral part of AD DS and allows you to specify configuration settings for Windows 10 and previous versions of Windows. 
                     Select this method when you 
                  • Want to manage institution-owned devices that are domain joined (personal devices are typically not domain joined).
                  •  Want more granular control of device and user settings. 
                  • Have an existing AD DS infrastructure.
                  • Typically manage on-premises devices.
                  • Can manage a required setting only by using Group Policy. 
                    The advantages of this method include: 
                  • No cost beyond the AD DS infrastructure. 
                  • A larger number of settings (compared to Intune).
                    The disadvantages of this method are that it:
                  • Can only manage domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                  • Typically manages on-premises devices (unless devices use a virtual private network [VPN] or Microsoft DirectAccess to connect).
                  •  Has rudimentary app management capabilities.
                  •  Cannot deploy Windows 10 operating systems.|
+|Intune|Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
                    Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.
                    Select this method when you:
                  •  Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                  • Don’t need granular control over device and user settings (compared to Group Policy).
                  • Don’t have an existing AD DS infrastructure.
                  • Need to manage devices regardless of where they are (on or off premises).
                  • Want to provide application management for the entire application life cycle.
                  • Can manage a required setting only by using Intune.
                    The advantages of this method are that:
                  • You can manage institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It doesn’t require any on-premises infrastructure.
                  • It can manage devices regardless of their location (on or off premises).
                    The disadvantages of this method are that it:
                  • Carries an additional cost for Intune subscription licenses.
                  • Doesn’t offer granular control over device and user settings (compared to Group Policy).
                  • Cannot deploy Windows 10 operating systems.|
 
 *Table 4. Configuration setting management methods*
 
@@ -410,114 +269,11 @@ For a district, there are many ways to manage apps and software updates. Table 6
 
 Use the information in Table 6 to determine which combination of app and update management products is right for your district.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    SelectionManagement method
                    Microsoft Endpoint Configuration Manager
                    Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.

                    Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager. You can also manage Windows desktop and Microsoft Store applications.

                    Select this method when you:
                    
-
                      
-
                    • Selected Configuration Manager to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                      • 
-
                    • Want to manage AD DS domain-joined devices.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Typically manage on-premises devices.
                      • 
-
                    • Want to deploy operating systems.
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy Windows 10 operating systems.
                      • 
-
                    • You can manage applications throughout the entire application life cycle.
                      • 
-
                    • You can manage software updates for Windows 10 and apps.
                      • 
-
                    • You can manage antivirus and malware protection.
                      • 
-
                    • It scales to large numbers of users and devices.
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                      • 
-
                    • Can only manage domain-joined (institution-owned devices).
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    • Typically manages on-premises devices (unless devices through VPN or DirectAccess).
                      • 
-
                    
-
                    Intune
                    Intune is a cloud-based solution that allows you to manage apps and software updates for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.

                    
-Select this method when you:
                    
-
                      
-
                    • Selected MDT only to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned and personal devices that are not domain joined.
                      • 
-
                    • Want to manage Azure AD domain-joined devices.
                      • 
-
                    • Need to manage devices regardless of where they are (on or off premises).
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can manage institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It doesn’t require on-premises infrastructure.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    • You can deploy keys to perform in-place Windows 10 upgrades (such as upgrading from Windows 10 Pro to Windows 10 Education edition).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Cannot deploy Windows 10 operating systems.
                      • 
-
                    
-
                    Microsoft Endpoint Manager and Intune (hybrid)
                    Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.

                    
-Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.

                    
-Select this method when you:
                    
-
                      
-
                    • Selected Microsoft Endpoint Manager to deploy Windows 10.
                      • 
-
                    • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                      • 
-
                    • Want to manage domain-joined devices.
                      • 
-
                    • Want to manage Azure AD domain-joined devices.
                      • 
-
                    • Have an existing AD DS infrastructure.
                      • 
-
                    • Want to manage devices regardless of their connectivity.
                      • 
-
                    • Want to deploy operating systems.
                      • 
-
                    • Want to provide application management for the entire application life cycle.
                      • 
-
                    
-
                    The advantages of this method are that:
                    
-
                      
-
                    • You can deploy operating systems.
                      • 
-
                    • You can manage applications throughout the entire application life cycle.
                      • 
-
                    • You can scale to large numbers of users and devices.
                      • 
-
                    • You can support institution-owned and personal devices.
                      • 
-
                    • It doesn’t require that devices be domain joined.
                      • 
-
                    • It can manage devices regardless of their location (on or off premises).
                      • 
-
                    
-
                    The disadvantages of this method are that it:
                    
-
                      
-
                    • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                      • 
-
                    • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                      • 
-
                    • Carries an additional cost for Intune subscription licenses.
                      • 
-
                    • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                      • 
-
                    
-
                    
+|Selection|Management method|
+|--- |--- |
+|Microsoft Endpoint Configuration Manager|Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager. You can also manage Windows desktop and Microsoft Store applications. Select this method when you:
                  • Selected Configuration Manager to deploy Windows 10.
                  • Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).
                  • Want to manage AD DS domain-joined devices.
                  • Have an existing AD DS infrastructure.
                  • Typically manage on-premises devices.
                  • Want to deploy operating systems.
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can deploy Windows 10 operating systems.
                  • You can manage applications throughout the entire application life cycle.
                  • You can manage software updates for Windows 10 and apps.
                  • You can manage antivirus and malware protection.
                  • It scales to large numbers of users and devices.
                    The disadvantages of this method are that it:
                  • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                  • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                  • Can only manage domain-joined (institution-owned devices).
                  • Requires an AD DS infrastructure (if the institution does not have AD DS already).
                  • Typically manages on-premises devices (unless devices through VPN or DirectAccess).|
+|Intune|Intune is a cloud-based solution that allows you to manage apps and software updates for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.
                    Select this method when you:
                  • Selected MDT only to deploy Windows 10.
                  • Want to manage institution-owned and personal devices that are not domain joined.
                  • Want to manage Azure AD domain-joined devices.
                  • Need to manage devices regardless of where they are (on or off premises).
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can manage institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It doesn’t require on-premises infrastructure.vIt can manage devices regardless of their location (on or off premises).
                  • You can deploy keys to perform in-place Windows 10 upgrades (such as upgrading from Windows 10 Pro to Windows 10 Education edition).
                    The disadvantages of this method are that it:
                  • Carries an additional cost for Intune subscription licenses.
                  • Cannot deploy Windows 10 operating systems.|
+|Microsoft Endpoint Manager and Intune (hybrid)|Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.
                    Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices. 
                    Select this method when you:
                  • Selected Microsoft Endpoint Manager to deploy Windows 10.
                  • Want to manage institution-owned and personal devices (does not require that the device be domain joined).
                  • Want to manage domain-joined devices.
                  • Want to manage Azure AD domain-joined devices.
                  • Have an existing AD DS infrastructure.
                  • Want to manage devices regardless of their connectivity.vWant to deploy operating systems.
                  • Want to provide application management for the entire application life cycle.
                    The advantages of this method are that:
                  • You can deploy operating systems.
                  • You can manage applications throughout the entire application life cycle.
                  • You can scale to large numbers of users and devices.
                  • You can support institution-owned and personal devices.
                  • It doesn’t require that devices be domain joined.
                  • It can manage devices regardless of their location (on or off premises).
                    The disadvantages of this method are that it:
                  • Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).
                  • Carries an additional cost for Windows Server licenses and the corresponding server hardware.
                  • Carries an additional cost for Intune subscription licenses.
                  • Requires an AD DS infrastructure (if the institution does not have AD DS already).|
 
 *Table 6. App and update management products*
 
@@ -683,7 +439,7 @@ Now that you have created your new Office 365 Education subscription, add the do
 To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
 
 > [!NOTE]
-> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up: Technical FAQ](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US&WT.mc_id=eml_CXM__33537_MOD_EDU_Student_Advantage_Rush).
+> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
 
@@ -695,7 +451,7 @@ You will always want faculty and students to join the Office 365 tenant that you
 > [!NOTE]
 > You cannot merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
 
-By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 |Action |Windows PowerShell command|
 |-------|--------------------------|
@@ -714,7 +470,7 @@ To reduce your administrative effort, automatically assign Office 365 Education
 > [!NOTE]
 > By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
 
-Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
+Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](/microsoft-365/education/deploy/office-365-education-self-sign-up).
 
 |Action |Windows PowerShell command|
 |-------|--------------------------|
@@ -887,7 +643,7 @@ Several methods are available to bulk-import user accounts into AD DS domains. T
 |-------|---------------------------------------------|
 |Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren't comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)).|
 |VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](/previous-versions/windows/it-pro/windows-2000-server/bb727091(v=technet.10)) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).|
-|Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
+|Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
 
 *Table 12. AD DS bulk-import account methods*
 
@@ -935,7 +691,7 @@ You can use the Microsoft 365 admin center to add individual Office 365 accounts
 
 The bulk-add process assigns the same Office 365 Education license plan to all users on the list. Therefore, you must create a separate list for each license plan you recorded in Table 9. Depending on the number of faculty members who need to use the classroom, you may want to add the faculty Office 365 accounts manually; however, use the bulk-add process to add student accounts.
 
-For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365 - Admin help](https://support.office.com/en-us/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88?ui=en-US&rs=en-US&ad=US).
+For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Microsoft 365](/microsoft-365/enterprise/add-several-users-at-the-same-time).
 
 > [!NOTE]
 > If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
@@ -949,7 +705,7 @@ Assign SharePoint Online resource permissions to Office 365 security groups, not
 > [!NOTE]
 > If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
-For information about creating security groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
+For information about creating security groups, see [Create an Office 365 Group in the admin center](/microsoft-365/admin/create-groups/create-groups).
 
 You can add and remove users from security groups at any time.
 
@@ -966,7 +722,7 @@ You can create email distribution groups based on job role (such as teacher, adm
 > Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until the creation process ends before you can perform the following steps.
 
 
-For information about creating email distribution groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
+For information about creating email distribution groups, see [Create a Microsoft 365 group in the admin center](/microsoft-365/admin/create-groups/create-groups).
 
 #### Summary
 
@@ -1083,63 +839,11 @@ This guide discusses thick image deployment. For information about thin image de
 ### Select a method to initiate deployment
 The LTI deployment process is highly automated: it requires minimal information to deploy or upgrade Windows 10. The ZTI deployment process is fully automated, but you must manually initiate it. To do so, use the method listed in Table 15 that best meets the needs of your institution.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    MethodDescription and reason to select this method
                    Windows Deployment Services
                    This method:
                    
-
                      
-
                    • Uses diskless booting to initiate LTI and ZTI deployments.
                      • 
-
                    • Works only with devices that support PXE boot.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when you use local media.
                      • 
-
                    • Requires that you deploy a Windows Deployment Services server.
                      • 
-
                    
-
                    Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.
-
                    Bootable media
                    This method:
                    
-
                      
-
                    • Initiates LTI or ZTI deployment by booting from local media, including from USB drives, DVD, or CD.
                      • 
-
                    • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                      • 
-
                    • Deploys images more slowly than when using local media.
                      • 
-
                    • Requires no additional infrastructure.
                      • 
-
                    
-
                    Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.
-
                    Deployment media
                    This method:
                    
-
                      
-
                    • Initiates LTI or ZTI deployment by booting from a local USB hard disk.
                      • 
-
                    • Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                      • 
-
                    • Deploys images more quickly than network-based methods do.
                      • 
-
                    • Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
                      • 
-
                    
-
                    Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk.
-
                    
+|Method|Description and reason to select this method|
+|--- |--- |
+|Windows Deployment Services|This method:
                  • Uses diskless booting to initiate LTI and ZTI deployments.
                  • Works only with devices that support PXE boot.
                  • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                  • Deploys images more slowly than when you use local media.
                  • Requires that you deploy a Windows Deployment Services server.

                    Select this method when you want to deploy Windows over-the-network and perform diskless booting. The advantage of this method is that the diskless media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployments from local media, and you must deploy a Windows Deployment Services server.|
+|Bootable media|This method:
                  • Initiates LTI or ZTI deployment by booting from local media, including from USB drives, DVD, or CD.
                  • Deploys Windows 10 over the network, which consumes more network bandwidth than deployment from local media.
                  • Deploys images more slowly than when using local media.
                  • Requires no additional infrastructure.
                     
                    Select this method when you want to deploy Windows over the network and are willing to boot the target device from local media. The advantage of this method is that the media are generic and typically don’t require updates after you create them (LTI and ZTI access the centrally located deployment content over the network). The disadvantage of this method is that over-the-network deployments are slower than deployment from local media.|
+|Deployment media|This method:
                  • Initiates LTI or ZTI deployment by booting from a local USB hard disk.
                  • Deploys Windows 10 from local media, which consumes less network bandwidth than over-the-network methods.
                  • Deploys images more quickly than network-based methods do.
                  • Requires a USB hard disk because of the deployment share’s storage requirements (up to 100 GB).
                     
                    Select this method when you want to perform local deployments and are willing to boot the target device from a local USB hard disk. The advantage of this method is that local deployments are faster than over-the-network deployments. The disadvantage of this method is that each time you change the deployment share or distribution point content, you must regenerate the deployment media and update the USB hard disk.
 
 *Table 15. Methods to initiate LTI and ZTI deployments*
 
@@ -1154,91 +858,14 @@ Before you can deploy Windows 10 and your apps to devices, you need to prepare y
 
 The first step in preparing for Windows 10 deployment is to configure—that is, *populate*—the MDT deployment share. Table 16 lists the MDT deployment share configuration tasks that you must perform. Perform the tasks in the order represented in Table 16.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    TaskDescription
                    1. Import operating systemsImport the operating systems that you selected in the Select the operating systems section into the deployment share. For more information about how to import operating systems, see Import an Operating System into the Deployment Workbench.
                    2. Import device driversDevice drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

                    
-Import device drivers for each device in your institution. For more information about how to import device drivers, see Import Device Drivers into the Deployment Workbench.
-
                    3. Create MDT applications for Microsoft Store appsCreate an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

                    
-
                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files by performing one of the following tasks:
                    
-
                      
-
                    • For offline-licensed apps, download the .appx files from the Microsoft Store for Business.
                      • 
-
                    • For apps that are not offline licensed, obtain the .appx files from the app software vendor directly.
                      • 
-
                    
-
                    If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

                    
-If you have Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune and Deploy and manage apps by using Microsoft Endpoint Configuration Manager sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

                    
-In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:

                    
-
-
-
                    4. Create MDT applications for Windows desktop appsYou need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

                    
-To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool.

                    
-If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.
-

                    
-Note  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the Deploy and manage apps by using Intune section.
-
-For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt).
-
-
                    5. Create task sequences
                    You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
                    
-
                      
-
                    • Deploy 64-bit Windows 10 Education to devices.
                      • 
-
                    • Deploy 32-bit Windows 10 Education to devices.
                      • 
-
                    • Upgrade existing devices to 64-bit Windows 10 Education.
                      • 
-
                    • Upgrade existing devices to 32-bit Windows 10 Education.
                      • 
-
                    
-
                    Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see Create a New Task Sequence in the Deployment Workbench.
-
-
                    6. Update the deployment shareUpdating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

                    
-For more information about how to update a deployment share, see Update a Deployment Share in the Deployment Workbench.
-
-
                    
+|Task|Description|
+|--- |--- |
+|1. Import operating systems|Import the operating systems that you selected in the [Select the operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
+|2. Import device drivers|Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.
                    Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench)|
+|3. Create MDT applications for Microsoft Store apps|Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the **Add-AppxPackage** Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.
                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files by performing one of the following tasks:
                  • For offline-licensed apps, download the .appx files from the Microsoft Store for Business.
                  • For apps that are not offline licensed, obtain the .appx files from the app software vendor directly.
                     
                     If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.
                    If you have Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) and [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager). This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.
                    In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:
                  • Prepare your environment for sideloading, see [Try it out: sideload Microsoft Store apps](/previous-versions/windows/).
                  • Create an MDT application, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench).|
+|4. Create MDT applications for Windows desktop apps|You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.
                    To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in[Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source).
                     If you have Intune, you can [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune), as described in the Deploy and manage apps by using Intune section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps.
                    This is the preferred method for deploying and managing Windows desktop apps.
                    **Note:**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune) 
                    For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt).|
+|5. Create task sequences|You must create separate task sequences for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education, (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education, or (3) if you want to run deployments and upgrades for both 32-bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:
                  • Deploy 64-bit Windows 10 Education to devices.
                  • Deploy 32-bit Windows 10 Education to devices.
                  • Upgrade existing devices to 64-bit Windows 10 Education.
                  • Upgrade existing devices to 32-bit Windows 10 Education.
                     
                    Again, you will create the task sequences based on the operating systems that you imported in step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench).|
+|6. Update the deployment share|Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32-bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.
                    For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
 
 *Table 16. Tasks to configure the MDT deployment share*
 
@@ -1276,7 +903,7 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
 
     Create a Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications).
 
-### Configure Window Deployment Services for MDT
+### Configure Windows Deployment Services for MDT
 
 You can use Windows Deployment Services in conjunction with MDT to automatically initiate boot images on target devices. These boot images can be Windows PE images (which you generated in step 6 in Table 16) or custom images that can deploy operating systems directly to the target devices.
 
@@ -1298,7 +925,7 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
 
     For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](/mem/configmgr/mdt/use-the-mdt#AddLTIBootImagestoWindowsDeploymentServices).
 
-### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
+### Configure Windows Deployment Services for Microsoft Endpoint Configuration Manager
 
 > [!NOTE]
 > If you have already configured your Microsoft Endpoint Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
@@ -1430,116 +1057,20 @@ Microsoft has several recommended settings for educational institutions. Table 1
 
 Use the information in Table 17 to help you determine whether you need to configure the setting and which method you will use to do so. At the end, you will have a list of settings that you want to apply to the Windows 10 devices and know which management method you will use to configure the settings.
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+|Recommendation|Description|
+|--- |--- |
+|Use of Microsoft accounts|You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.
                    **Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices. 
                    **Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.
                    ****Intune**.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.|
+|Restrict the local administrator accounts on the devices|Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.
                    **Group Policy**. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item. 
                    **Intune**. Not available.|
+|Manage the built-in administrator account created during device deployment|When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.
                     **Group Policy**. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-essentials-sbs/cc747484(v=ws.10)). You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852165(v=ws.11)).
                     **Intune**. Not available.|
+|Control Microsoft Store access|You can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.
                    **Group policy**. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?
                    **Intune**. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.|
+|Use of Remote Desktop connections to devices|Remote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.
                    **Group policy**. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.
                    **Intune**. Not available.|
+|Use of camera|A device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.
                    **Group policy**. Not available.
                    **Intune**. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.|
+|Use of audio recording|Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.
                    **Group policy**. To disable the Sound Recorder app, use the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in [Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10)) and [Create Your AppLocker Policies](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791899(v=ws.11)).
                    **Intune**. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.|
+|Use of screen capture|Screen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.
                    **Group policy**. Not available.
                    **Intune**. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.|
+|Use of location services|Providing a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.
                    **Group policy**. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.
                    **Intune**. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.|
+|Changing wallpaper|Custom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.
                    **Group policy**. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.
                    **Intune**. Not available.|
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    RecommendationDescription
                    Use of Microsoft accountsYou want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

                    
-
-**Note**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

                    
-**Group Policy.** Configure the [Accounts: Block Microsoft accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj966262(v=ws.11)) Group Policy setting to use the **Users can’t add Microsoft accounts** setting option.

                    
-**Intune.** To enable or disable the use of Microsoft accounts, use the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy.
-
-
                    Restrict the local administrator accounts on the devicesEnsure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

                    
-Group Policy. Create a Local Group Group Policy preference to limit the local administrators group membership. Select the Delete all member users and Delete all member groups check boxes to remove any existing members. For more information about how to configure Local Group preferences, see Configure a Local Group Item.

                    
-Intune. Not available.
-
-
                    Manage the built-in administrator account created during device deploymentWhen you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and (optionally) disable it.

                    
-Group Policy. To rename the built-in Administrator account, use the Accounts: Rename administrator account Group Policy setting. For more information about how to rename the built-in Administrator account, see To rename the Administrator account using the Group Policy Management Console. You specify the new name for the Administrator account. To disable the built-in Administrator account, use the Accounts: Administrator account status Group Policy setting. For more information about how to disable the built-in Administrator account, see Accounts: Administrator account status.

                    
-Intune. Not available.
-
-
                    Control Microsoft Store accessYou can control access to Microsoft Store and whether existing Microsoft Store apps receive updates. You can only disable the Microsoft Store app in Windows 10 Education and Windows 10 Enterprise.

                    
-Group Policy. To disable the Microsoft Store app, use the Turn off the Store Application group policy setting. To prevent Microsoft Store apps from receiving updates, use the Turn off Automatic Download and Install of updates Group Policy setting. For more information about configuring these settings, see Can I use Group Policy to control the Microsoft Store in my enterprise environment?.

                    
-Intune. To enable or disable Microsoft Store access, use the Allow application store policy setting in the Apps section of a Windows 10 General Configuration policy.
-
-
                    Use of Remote Desktop connections to devicesRemote Desktop connections could allow unauthorized access to the device. Depending on your institution’s policies, you may want to disable Remote Desktop connections on your devices.

                    
-Group Policy. To enable or disable Remote Desktop connections to devices, use the Allow Users to connect remotely using Remote Desktop setting in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

                    
-Intune. Not available.
-
-
                    Use of cameraA device’s camera can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the camera on your devices.

                    
-Group Policy. Not available.

                    
-Intune. To enable or disable the camera, use the Allow camera policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
-
                    Use of audio recordingAudio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

                    
-Group Policy. To disable the Sound Recorder app, use the Do not allow Sound Recorder to run Group Policy setting. You can disable other audio recording apps by using AppLocker policies. To create AppLocker policies, use the information in Editing an AppLocker Policy and Create Your AppLocker Policies.

                    
-Intune. To enable or disable audio recording, use the Allow voice recording policy setting in the Features section of a Windows 10 General Configuration policy.
-
-
                    Use of screen captureScreen captures can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the ability to perform screen captures on your devices.

                    
-Group Policy. Not available.

                    
-Intune. To enable or disable screen capture, use the Allow screen capture policy setting in the System section of a Windows 10 General Configuration policy.
-
-
                    Use of location servicesProviding a device’s location can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the location service on your devices.

                    
-Group Policy. To enable or disable location services, use the Turn off location group policy setting in User Configuration\Windows Components\Location and Sensors.

                    
-Intune. To enable or disable location services, use the Allow geolocation policy setting in the Hardware section of a Windows 10 General Configuration policy.
-
-
                    Changing wallpaperCustom wallpapers can be a source of disclosure or privacy issues in an education environment (if the wallpaper displays information about the user or device). Depending on your institution’s policies, you may want to prevent users from changing the wallpaper on institution-owned devices.

                    
-Group Policy. To configure the wallpaper, use the Desktop WallPaper setting in User Configuration\Administrative Templates\Desktop\Desktop.

                    
-Intune. Not available.
-
-
                    
 
                    
 Table 17. Recommended settings for educational institutions
 
@@ -1719,205 +1250,23 @@ After the initial deployment, you need to perform certain tasks to maintain the
 
 Table 19 lists the school and individual classroom maintenance tasks, the resources for performing the tasks, and the schedule (or frequency) on which you should perform the tasks.
 
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Task and resourcesMonthlyNew semester or academic yearAs required
                    Verify that Windows Update is active and current with operating system and software updates.

                    
-For more information about completing this task when you have:
-
-                    		xxx
                    Verify that Windows Defender is active and current with malware Security intelligence.

                    
-For more information about completing this task, see Turn Windows Defender on or off and Updating Windows Defender.
-                    		xxx
                    Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.

                    
-For more information about completing this task, see the “How do I find and remove a virus?” topic in Protect my PC from viruses.
-                    		xxx
                    Download and approve updates for Windows 10, apps, device driver, and other software.

                    
-For more information, see:
-
-                    		xxx
                    Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).

                    
-For more information about Windows 10 servicing options for updates and upgrades, see Windows 10 servicing options.
-                    		xx
                    Refresh the operating system and apps on devices.

                    
-For more information about completing this task, see the following resources:
-
-                    		xx
                    Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum.

                    
-For more information, see:
-
-                    		xx
                    Install new or update existing Microsoft Store apps used in the curriculum.

                    
-Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.

                    
-You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. For more information, see:
-
-                    		xx
                    Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Add new accounts (and corresponding licenses) to AD DS (if you have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you do not have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure).

                    
-For more information about how to:
-
-                    		xx
                    Create or modify security groups, and manage group membership in Office 365.

                    
-For more information about how to:
-
-                    		xx
                    Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.

                    
-For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see Create and manage distribution groups and Create, edit, or delete a security group.
-                    		xx
                    Install new student devices.

                    
-Follow the same steps you followed in the Deploy Windows 10 to devices section.
-                    		x
                    
-
                    
+|Task and resources|Monthly|New semester or academic year|As required|
+|--- |--- |--- |--- |
+|Verify that Windows Update is active and current with operating system and software updates.
                    For more information about completing this task when you have:
                  • Intune, see [Keep Windows PCs up to date with software updates in Microsoft Intune](/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune)
                  • Group Policy, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb).
                  • WSUS, see [Windows Server Update Services](/windows/deployment/deploy-whats-new).
                    Neither Intune, Group Policy, nor WSUS, see “Install, upgrade, & activate” in Windows 10 help.|✔️|✔️|✔️|
+|Verify that Windows Defender is active and current with malware Security intelligence.
                    For more information about completing this task, see [Turn Windows Defender on or off](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab02)and [Updating Windows Defender](https://support.microsoft.com/instantanswers/742778f2-6aad-4a8d-8f5d-db59cebc4f24/how-to-protect-your-windows-10-pc#v1h=tab03).|✔️|✔️|✔️|
+|Verify that Windows Defender has run a scan in the past week and that no viruses or malware were found.
                    For more information about completing this task, see the “How do I find and remove a virus?” topic in [Protect my PC from viruses](https://support.microsoft.com/help/17228/windows-protect-my-pc-from-viruses).|✔️|✔️|✔️|
+|Download and approve updates for Windows 10, apps, device driver, and other software.
                    For more information, see:
                  • [Manage updates by using Intune](#manage-updates-by-using-intune)
                  • [Manage updates by using Microsoft Endpoint Configuration Manager](#manage-updates-by-using-microsoft-endpoint-configuration-manager)|✔️|✔️|✔️|
+|Verify that you’re using the appropriate Windows 10 servicing options for updates and upgrades (such as selecting whether you want to use Current Branch or Current Branch for Business).
                    For more information about Windows 10 servicing options for updates and upgrades, see [Windows 10 servicing options](/windows/deployment/update/).||✔️|✔️|
+|Refresh the operating system and apps on devices.
                    For more information about completing this task, see the following resources:
                  • [Prepare for deployment](#prepare-for-deployment)
                  • [Capture the reference image](#capture-the-reference-image)
                  • [Deploy Windows 10 to devices](#deploy-windows-10-to-devices)||✔️|✔️|
+|Install any new Windows desktop apps, or update any Windows desktop apps used in the curriculum.
                    For more information, see:
                  • [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)
                  • [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)||✔️|✔️|
+|Install new or update existing Microsoft Store apps used in the curriculum.
                    Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.
                    You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. 
                    For more information, see:
                  • [Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)
                  • [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)||✔️|✔️|
+|Remove unnecessary user accounts (and corresponding licenses) from AD DS and Office 365 (if you have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Remove unnecessary user accounts, see [Active Directory Administrative Center](/windows-server/identity/ad-ds/get-started/adac/active-directory-administrative-center) 
                  • Remove licenses, see [Add users and assign licenses](/microsoft-365/admin/add-users/add-users)||✔️|✔️|
+|Add new accounts (and corresponding licenses) to AD DS (if you have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Add user accounts, see [Bulk-import user and group accounts into AD DS](#bulk-import-user-and-group-accounts-into-ad-ds)
                  • Assign licenses, see [Add users and assign licenses](/microsoft-365/admin/add-users/add-users)||✔️|✔️|
+|Remove unnecessary user accounts (and corresponding licenses) from Office 365 (if you do not have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Remove unnecessary user accounts, see [Delete or restore users](/microsoft-365/admin/add-users/delete-a-user)
                  •  Remove licenses, [Assign or remove licenses for Microsoft 365](/microsoft-365/admin/add-users/add-users).||✔️|✔️|
+|Add new accounts (and corresponding licenses) to Office 365 (if you don’t have an on-premises AD DS infrastructure).
                    For more information about how to:
                  • Add user accounts, see [Add users to Microsoft 365](/microsoft-365/admin/add-users/add-users) and [Add users individually or in bulk to Office 365](https://www.youtube.com/watch?v=zDs3VltTJps).
                  • Assign licenses, see [Add users to Microsoft 365](/microsoft-365/admin/add-users/add-users).||✔️|✔️|
+|Create or modify security groups, and manage group membership in Office 365.
                    For more information about how to:
                  • Create or modify security groups, see [Create a Microsoft 365 group](/microsoft-365/admin/create-groups/create-groups)
                  • Manage group membership, see [Manage Group membership](/microsoft-365/admin/create-groups/add-or-remove-members-from-groups).||✔️|✔️|
+|Create or modify Exchange Online or Microsoft Exchange Server distribution lists in Office 365.
                    For more information about how to create or modify Exchange Online or Exchange Server distribution lists in Office 365, see [Create and manage distribution groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups) and [Create, edit, or delete a security group](/microsoft-365/admin/email/create-edit-or-delete-a-security-group).||✔️|✔️|
+|Install new student devices.
                     Follow the same steps you followed in the[Deploy Windows 10 to devices](#deploy-windows-10-to-devices) section.|||✔️|
 
 *Table 19. School and individual classroom maintenance tasks, with resources and the schedule for performing them*
 
@@ -1936,4 +1285,4 @@ You have now identified the tasks you need to perform monthly, at the end of an
 * [Manage Windows 10 updates and upgrades in a school environment (video)](./index.md)
 * [Reprovision devices at the end of the school year (video)](./index.md)
 * [Use MDT to deploy Windows 10 in a school (video)](./index.md)
-* [Use Microsoft Store for Business in a school environment (video)](./index.md)
\ No newline at end of file
+* [Use Microsoft Store for Business in a school environment (video)](./index.md)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index d06c0039c5..c0e52a36d6 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -441,7 +441,7 @@ Several methods are available to bulk-import user accounts into AD DS domains. T
 |---|---|
 | **Ldifde.exe** | This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816781(v=ws.10)), and [LDIFDE](/previous-versions/orphan-topics/ws.10/cc755456(v=ws.10)). |
 | **VBScript** | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://social.technet.microsoft.com/wiki/contents/articles/116.active-directory-step-by-step-guide-bulk-import-and-export.aspx). |
-| **Windows PowerShell** |  This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).  |
+| **Windows PowerShell** |  This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Windows PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](/archive/blogs/technet/bettertogether/import-bulk-users-to-active-directory) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).  |
 
 ---
 
@@ -670,13 +670,13 @@ The first step in preparation for Windows 10 deployment is to configure—that i
 | **1. Import operating systems** | Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportanOperatingSystemintotheDeploymentWorkbench). |
 | **2. Import device drives** | Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

                     Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#ImportDeviceDriversintotheDeploymentWorkbench). |
 | **3. Create MDT applications for Microsoft Store apps** | Create an MDT application for each Microsoft Store app you want to deploy. You can deploy Microsoft Store apps by using sideloading, which allows you to use the Add-AppxPackage Windows PowerShell cmdlet to deploy the .appx files associated with the app (called provisioned apps). Use this method to deploy up to 24 apps to Windows 10.

                    Prior to sideloading the .appx files, obtain the Microsoft Store .appx files that you will use to deploy (sideload) the apps in your provisioning package. For apps in Microsoft Store, you will need to obtain the .appx files from the app software vendor directly. If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.

                    If you have Intune, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.

                    In addition, you must prepare your environment for sideloading (deploying) Microsoft Store apps. For more information about how to:

                    - Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10).
                    - Create an MDT application, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). |
-| **4. Create MDT applications for Windows desktop apps** | You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

                    To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source?f=255&MSPPError=-2147217396).

                    If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

                     You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

                    For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). | 
+| **4. Create MDT applications for Windows desktop apps** | You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

                    To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](/deployoffice/deploy-microsoft-365-apps-local-source?f=255&MSPPError=-2147217396).

                    If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

                     You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

                    For more information about how to create an MDT application for Windows desktop apps, see [Create a New Application in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewApplicationintheDeploymentWorkbench). | 
 | **5. Create task sequences.** | You must create a separate task sequence for each Windows 10 edition, processor architecture, operating system upgrade process, and new operating system deployment process. Minimally, create a task sequence for each Windows 10 operating system you imported in Step 1—for example, (1) if you want to deploy Windows 10 Education to new devices or refresh existing devices with a new deployment of Windows 10 Education; (2) if you want to upgrade existing devices running Windows 8.1 or Windows 7 to Windows 10 Education; or (3) if you want to run deployments and upgrades for both 32 bit and 64-bit versions of Windows 10. To do so, you must create task sequences that will:

                    - Deploy Windows 10 Education 64-bit to devices.
                    - Deploy Windows 10 Education 32-bit to devices.
                    - Upgrade existing devices to Windows 10 Education 64-bit.
                    - Upgrade existing devices to Windows 10 Education 32-bit.

                    Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#CreateaNewTaskSequenceintheDeploymentWorkbench). |
 | **6. Update the deployment share.** | Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64-bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

                     For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](/mem/configmgr/mdt/use-the-mdt#UpdateaDeploymentShareintheDeploymentWorkbench).|
 
 ---
 
-### Configure Window Deployment Services for MDT
+### Configure Windows Deployment Services for MDT
 
 You can use Windows Deployment Services with MDT to automatically initiate boot images on target computers. These boot images can be Windows PE images (which you generated in Step 6 in Table 9) or custom images that can deploy operating systems directly to the target computers.
 
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index a728b75a41..38b068d300 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -250,7 +250,7 @@ You'll download a .zip file, extract the files, and then use one of the files to
 
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
 
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -105,28 +85,13 @@ The following list shows the supported values:
 **AboveLock/AllowToasts**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
-
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYes, starting in Windows 10, version 1607Yes
                    EnterpriseYes, starting in Windows 10, version 1607Yes
                    EducationYes, starting in Windows 10, version 1607Yes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes, starting in Windows 10, version 1607|Yes|
+|Enterprise|Yes, starting in Windows 10, version 1607|Yes|
+|Education|Yes, starting in Windows 10, version 1607|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index ed466fe64a..795f89e92c 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -40,43 +40,15 @@ manager: dansimp
 **Accounts/AllowAddingNonMicrosoftAccountsManually**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    MobileYesYes
                    Mobile EnterpriseYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+|Mobile|Yes|Yes|
+|Mobile Enterprise|Yes|Yes|
 
 
 
                    
@@ -114,48 +86,16 @@ The following list shows the supported values:
 **Accounts/AllowMicrosoftAccountConnection**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    BusinessYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    MobileYesYes
                    Mobile EnterpriseYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+|Mobile|Yes|Yes|
+|Mobile Enterprise|Yes|Yes|
 
 
 
                    
@@ -190,48 +130,16 @@ The following list shows the supported values:
 **Accounts/AllowMicrosoftAccountSignInAssistant**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    BusinessYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    MobileYesYes
                    Mobile EnterpriseYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+|Mobile|Yes|Yes|
+|Mobile Enterprise|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 95c9e7d80b..60248d3ecc 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -40,31 +40,13 @@ manager: dansimp
 **ActiveXControls/ApprovedInstallationSites**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index c574952e31..0b63ffc56d 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -40,31 +40,14 @@ manager: dansimp
 **ADMX_ActiveXInstallService/AxISURLZonePolicies**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index dfb1da857f..de3506d5e5 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -70,20 +70,10 @@ manager: dansimp
 **ADMX_AddRemovePrograms/DefaultCategory**  
 
 
-
-
-    
-    
-    
-
-
-    
-     
-     
-
 
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
 
 
 
                    
@@ -135,34 +125,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromCDorFloppy**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-
-
-    
-    
-    
-
-
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    Business
                    EnterpriseYesYes
                    Education
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|||
+|Enterprise|Yes|Yes|
+|Education|||
 
 
 
                    
@@ -212,38 +182,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromInternet**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -294,38 +240,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddFromNetwork**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -377,38 +299,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddPage**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -456,38 +354,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoAddRemovePrograms**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -535,38 +409,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoChooseProgramsPage**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -615,37 +465,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoRemovePage**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -693,38 +520,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoServices**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -775,38 +578,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoSupportInfo**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -856,38 +635,14 @@ ADMX Info:
 **ADMX_AddRemovePrograms/NoWindowsSetupPage**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index 19b22053f4..dbb231d5c5 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -49,31 +49,13 @@ manager: dansimp
 **ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -109,31 +91,13 @@ ADMX Info:
 **ADMX_AdmPwd/POL_AdmPwd_Enabled**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -172,31 +136,13 @@ ADMX Info:
 **ADMX_AdmPwd/POL_AdmPwd_AdminName**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -235,31 +181,13 @@ ADMX Info:
 **ADMX_AdmPwd/POL_AdmPwd**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProYesYes
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index 110c13b38f..c25bbf261a 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -72,36 +72,14 @@ manager: dansimp
 **ADMX_AppCompat/AppCompatPrevent16BitMach**  
 
 
-
-
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    Edition
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -147,38 +125,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -218,38 +172,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -293,38 +223,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffSwitchBack**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -369,37 +275,13 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffEngine**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -446,38 +328,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -513,38 +371,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -587,38 +421,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffUserActionRecord**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -660,38 +470,14 @@ ADMX Info:
 **ADMX_AppCompat/AppCompatTurnOffProgramInventory**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 4e924cb2a7..b3a9d9197f 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -39,38 +39,14 @@ manager: dansimp
 **ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 74860dbb38..7440cfbb70 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -48,37 +48,14 @@ manager: dansimp
 **ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**  
 
 
-
-
-    
-    
-      
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -117,38 +94,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -187,38 +140,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -259,38 +188,14 @@ ADMX Info:
 **ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 9ddc5dc7bc..60757b10f3 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -51,38 +51,14 @@ manager: dansimp
 **ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -126,37 +102,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetFileRiskLevel**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes
 
 
 
                    
@@ -202,38 +155,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetHighRiskInclusion**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -273,38 +202,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetLowRiskInclusion**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -344,38 +249,14 @@ ADMX Info:
 **ADMX_AttachmentManager/AM_SetModRiskInclusion**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index 5e4ce66ca3..4ade562c8f 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -39,38 +39,14 @@ manager: dansimp
 **ADMX_AuditSettings/IncludeCmdLine**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index db5b7fc71f..f14750b59c 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -78,38 +78,14 @@ manager: dansimp
 **ADMX_Bits/BITS_DisableBranchCache**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -150,38 +126,14 @@ ADMX Info:
 **ADMX_Bits/BITS_DisablePeercachingClient**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -223,38 +175,14 @@ ADMX Info:
 **ADMX_Bits/BITS_DisablePeercachingServer**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -297,38 +225,14 @@ ADMX Info:
 **ADMX_Bits/BITS_EnablePeercaching**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -370,38 +274,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthServedForPeers**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -446,38 +326,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -521,38 +377,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxBandwidthV2_Work**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -593,38 +425,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxCacheSize**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -665,38 +473,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxContentAge**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -737,38 +521,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxDownloadTime**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -811,38 +571,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxFilesPerJob**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -884,38 +620,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxJobsPerMachine**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -957,38 +669,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxJobsPerUser**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1030,38 +718,14 @@ ADMX Info:
 **ADMX_Bits/BITS_MaxRangesPerFile**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 514efdce81..1aafb0d27a 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -42,38 +42,14 @@ manager: dansimp
 **ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -116,38 +92,14 @@ ADMX Info:
 **ADMX_CipherSuiteOrder/SSLCurveOrder**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index abac5580d8..6ddb16921c 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -42,38 +42,14 @@ manager: dansimp
 **ADMX_COM/AppMgmt_COM_SearchForCLSID_1**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -118,38 +94,14 @@ ADMX Info:
 **ADMX_COM/AppMgmt_COM_SearchForCLSID_2**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index bdd6e7f313..fd6ce7faed 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -48,38 +48,14 @@ manager: dansimp
 **ADMX_ControlPanel/DisallowCpls**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -126,38 +102,14 @@ ADMX Info:
 **ADMX_ControlPanel/ForceClassicControlPanel**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -201,38 +153,14 @@ ADMX Info:
 **ADMX_ControlPanel/NoControlPanel**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -283,42 +211,14 @@ ADMX Info:
 **ADMX_ControlPanel/RestrictCpls**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 644cc93fd2..8005489dba 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -108,38 +108,14 @@ manager: dansimp
 **ADMX_ControlPanelDisplay/CPL_Display_Disable**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -178,43 +154,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Display_HideSettings**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -251,44 +198,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**  
 
 
-
-
-    
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -328,43 +245,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -405,43 +293,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -479,43 +338,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -557,43 +387,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -636,43 +437,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**  
 
 
-
-
-    
-    
-      
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -710,43 +482,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -784,43 +527,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -862,43 +576,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
-
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -938,43 +623,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1018,43 +674,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1094,43 +721,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1168,43 +766,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1242,43 +811,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1314,43 +854,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1388,43 +899,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1462,43 +944,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1543,42 +996,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1626,43 +1051,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1707,43 +1103,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1781,43 +1148,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1864,43 +1202,14 @@ ADMX Info:
 **ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 71ba7fb9c0..4e1d864337 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -39,43 +39,14 @@ manager: dansimp
 **ADMX_Cpls/UseDefaultTile**  
 
 
-
-
-    
-    
-      
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 92d2b7cfc2..e7951df443 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -45,43 +45,15 @@ manager: dansimp
 **ADMX_CredentialProviders/AllowDomainDelayLock**  
 
 
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
-
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -124,43 +96,14 @@ ADMX Info:
 **ADMX_CredentialProviders/DefaultCredentialProvider**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -202,43 +145,14 @@ ADMX Info:
 **ADMX_CredentialProviders/ExcludedCredentialProviders**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 2c66db1203..cb4c42d7af 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -69,42 +69,14 @@ manager: dansimp
 **ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -154,43 +126,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowDefaultCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -244,43 +187,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowEncryptionOracle**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -329,43 +243,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowFreshCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -416,43 +301,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -503,43 +359,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowSavedCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -590,43 +417,14 @@ ADMX Info:
 **ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -677,43 +475,14 @@ ADMX Info:
 **ADMX_CredSsp/DenyDefaultCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -762,43 +531,14 @@ ADMX Info:
 **ADMX_CredSsp/DenyFreshCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -847,43 +587,14 @@ ADMX Info:
 **ADMX_CredSsp/DenySavedCredentials**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -932,43 +643,14 @@ ADMX Info:
 **ADMX_CredSsp/RestrictedRemoteAdministration**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index b6e48f936c..31ef959ed4 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -42,43 +42,14 @@ manager: dansimp
 **ADMX_CredUI/EnableSecureCredentialPrompting**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -119,43 +90,14 @@ ADMX Info:
 **ADMX_CredUI/NoLocalPasswordResetQuestions**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 0098e79df8..ba59b9dd2d 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -48,43 +48,14 @@ manager: dansimp
 **ADMX_CtrlAltDel/DisableChangePassword**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -124,43 +95,14 @@ ADMX Info:
 **ADMX_CtrlAltDel/DisableLockComputer**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -202,43 +144,14 @@ ADMX Info:
 
 **ADMX_CtrlAltDel/DisableTaskMgr**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -278,43 +191,14 @@ ADMX Info:
 **ADMX_CtrlAltDel/NoLogoff**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
-    
-    
-    
-
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 3955a74bc1..823a56b05b 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -39,38 +39,14 @@ manager: dansimp
 **ADMX_DataCollection/CommercialIdPolicy**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index fa77b55d96..4efe29532e 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -42,37 +42,14 @@ manager: dansimp
 **ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -114,37 +91,14 @@ ADMX Info:
 **ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index 575e15bf06..77a47cb92e 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -123,38 +123,14 @@ manager: dansimp
 **ADMX_Desktop/AD_EnableFilter**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -195,38 +171,14 @@ ADMX Info:
 **ADMX_Desktop/AD_HideDirectoryFolder**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -269,38 +221,14 @@ ADMX Info:
 **ADMX_Desktop/AD_QueryLimit**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -341,38 +269,14 @@ ADMX Info:
 **ADMX_Desktop/ForceActiveDesktopOn**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -413,38 +317,14 @@ ADMX Info:
 **ADMX_Desktop/NoActiveDesktop**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -486,37 +366,14 @@ ADMX Info:
 **ADMX_Desktop/NoActiveDesktopChanges**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -552,38 +409,14 @@ ADMX Info:
 **ADMX_Desktop/NoDesktop**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -622,38 +455,14 @@ ADMX Info:
 **ADMX_Desktop/NoDesktopCleanupWizard**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -695,38 +504,14 @@ ADMX Info:
 **ADMX_Desktop/NoInternetIcon**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -763,38 +548,14 @@ ADMX Info:
 **ADMX_Desktop/NoMyComputerIcon**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -838,37 +599,14 @@ ADMX Info:
 **ADMX_Desktop/NoMyDocumentsIcon**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -911,38 +649,14 @@ ADMX Info:
 **ADMX_Desktop/NoNetHood**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -982,38 +696,14 @@ ADMX Info:
 **ADMX_Desktop/NoPropertiesMyComputer**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1052,38 +742,14 @@ ADMX Info:
 **ADMX_Desktop/NoPropertiesMyDocuments**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1126,38 +792,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecentDocsNetHood**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1196,38 +838,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecycleBinIcon**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1268,38 +886,14 @@ ADMX Info:
 **ADMX_Desktop/NoRecycleBinProperties**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1338,38 +932,14 @@ ADMX Info:
 **ADMX_Desktop/NoSaveSettings**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1406,38 +976,14 @@ ADMX Info:
 **ADMX_Desktop/NoWindowMinimizingShortcuts**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1475,38 +1021,14 @@ ADMX Info:
 **ADMX_Desktop/Wallpaper**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1551,38 +1073,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableAdd**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1620,38 +1118,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableClose**  
 
 
-
-
-    
-     
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1693,38 +1167,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableDel**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1765,38 +1215,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_DisableEdit**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1833,38 +1259,14 @@ ADMX Info:
 **ADMX_Desktop/sz_ATC_NoComponents**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1904,38 +1306,14 @@ ADMX Info:
 **ADMX_Desktop/sz_AdminComponents_Title**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -1980,38 +1358,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DB_DragDropClose**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -2056,38 +1410,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DB_Moving**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -2129,38 +1459,14 @@ ADMX Info:
 **ADMX_Desktop/sz_DWP_NoHTMLPaper**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index 88df6490ae..b1ccc54155 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -41,37 +41,14 @@ manager: dansimp
 **ADMX_DeviceCompat/DeviceFlags**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -105,37 +82,14 @@ ADMX Info:
 **ADMX_DeviceCompat/DriverShims**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index f8f4ce600e..4740213341 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -39,39 +39,14 @@ manager: dansimp
 **ADMX_DeviceGuard/ConfigCIPolicy**  
 
 
-
-
-    
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index b8b64ce774..ff64f14635 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -60,38 +60,14 @@ manager: dansimp
 **ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -130,38 +106,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -200,38 +152,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -270,38 +198,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -340,38 +244,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -412,38 +292,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -481,38 +337,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DeviceInstall_SystemRestore**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -551,38 +383,14 @@ ADMX Info:
 **ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index 17ee9b18a7..512dd58e38 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -42,38 +42,14 @@ manager: dansimp
 **ADMX_DeviceSetup/DeviceInstall_BalloonTips**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -112,38 +88,14 @@ ADMX Info:
 **ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index c025b09145..49774e691d 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -38,38 +38,14 @@ manager: dansimp
 **ADMX_DFS/DFSDiscoverDC**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index e9379aa5be..4c11d25bbd 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -42,38 +42,14 @@ manager: dansimp
 **ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -114,38 +90,14 @@ ADMX Info:
 **ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    Editionwindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 7efb339a88..312e6550d5 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -42,37 +42,14 @@ manager: dansimp
 **ADMX_DiskDiagnostic/DfdAlertPolicy**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -118,37 +95,14 @@ ADMX Info:
 **ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 2c19a0ace8..9870b6aebc 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -45,38 +45,14 @@ manager: dansimp
 
 **ADMX_DiskNVCache/BootResumePolicy**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -117,38 +93,14 @@ ADMX Info:
 
 **ADMX_DiskNVCache/FeatureOffPolicy**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -192,38 +144,14 @@ ADMX Info:
 
 **ADMX_DiskNVCache/SolidStatePolicy**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index 16ccbf1dce..1d103968db 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -55,38 +55,14 @@ manager: dansimp
 
 **ADMX_DiskQuota/DQ_RemovableMedia**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -124,38 +100,14 @@ ADMX Info:
 
 **ADMX_DiskQuota/DQ_Enable**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -202,38 +154,14 @@ ADMX Info:
 
 **ADMX_DiskQuota/DQ_Enforce**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -278,38 +206,14 @@ ADMX Info:
 
 **ADMX_DiskQuota/DQ_LogEventOverLimit**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -352,38 +256,14 @@ ADMX Info:
 
 **ADMX_DiskQuota/DQ_LogEventOverThreshold**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
@@ -426,38 +306,14 @@ ADMX Info:
 
 **ADMX_DiskQuota/DQ_Limit**  
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index ed55f58aa5..89280b4e3d 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -39,38 +39,14 @@ manager: dansimp
 **ADMX_DistributedLinkTracking/DLT_AllowDomainMode**  
 
 
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
-    
-    
-    
-
-
                    EditionWindows 10Windows 11
                    HomeNoNo
                    ProNoNo
                    BusinessNoNo
                    EnterpriseYesYes
                    EducationYesYes
                    
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 
 
                    
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index e5b1bcf653..281f374dc7 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -507,10 +507,10 @@ ADMX Info:
 Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
 
 Disabled (Default):
-Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance.
+Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance.
 
 Enabled:
-Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.
+Microsoft Defender Antivirus will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.
 
 Not configured:
 Same as Disabled.
@@ -1415,7 +1415,7 @@ ADMX Info:
 Enable or disable file hash computation feature.
 
 Enabled:
-When this feature is enabled Microsoft Defender will compute hash value for files it scans.
+When this feature is enabled Microsoft Defender Antivirus will compute hash value for files it scans.
 
 Disabled:
 File hash value is not computed
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 79a75e5fb3..bbbcfee611 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1188,12 +1188,12 @@ The following list shows the supported values:
 
     Home
     No
-    No
+    Yes
 
 
     Pro
     No
-    No
+    Yes
 
 
     Business
@@ -1234,6 +1234,9 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
 -   2 - Hide: The Chat icon will be hidden by default. Users can show or hide it in Settings.
 -   3 - Disabled: The Chat icon will not be displayed, and users cannot show or hide it in Settings.
 
+> [!NOTE]
+> Option 1 (Show) and Option 2 (Hide) only work on the first sign-in attempt. Option 3 (Disabled) works on all attempts.
+
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index c14e27b61c..3be3903b4b 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -3564,7 +3564,7 @@ The options are:
 - 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
 
   > [!NOTE]
-  > If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+  > If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced.
 
 - 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
 
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 91ba6acd2b..c38caf5830 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -2141,7 +2141,7 @@ Do not allow update deferral policies to cause scans against Windows Update. If
 
 For more information about dual scan, see [Demystifying "Dual Scan"](/archive/blogs/wsus/demystifying-dual-scan) and [Improving Dual Scan on 1607](/archive/blogs/wsus/improving-dual-scan-on-1607).
 
-This is the same as the Group Policy in Windows Components > Window Update "Do not allow update deferral policies to cause scans against Windows Update."
+This is the same as the Group Policy in Windows Components > Windows Update "Do not allow update deferral policies to cause scans against Windows Update."
 
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 65fb6facfd..be84a95bca 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 11/11/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -1080,9 +1080,10 @@ GP Info:
 
 
 
-This security setting determines which service accounts are prevented from registering a process as a service.
+This security setting determines which users are prevented from logging on to the computer. This policy setting supersedes the **Allow log on locally** policy setting if an account is subject to both policies.
+
 > [!NOTE]
-> This security setting does not apply to the System, Local Service, or Network Service accounts.
+> If you apply this security policy to the **Everyone** group, no one will be able to log on locally.
 
 
 
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 6b2e339e43..1236c6edd8 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -210,7 +210,7 @@ ADMX Info:
 
 
 
-Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 
 
@@ -282,7 +282,7 @@ Valid values:
 
 
 
-Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
@@ -444,7 +444,7 @@ ADMX Info:
 
 
 
-Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 
 
@@ -593,7 +593,7 @@ The following list shows the supported values:
 
 
 
-Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
@@ -667,7 +667,7 @@ The following list shows the supported values:
 
 
 
-Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
@@ -741,7 +741,7 @@ The following list shows the supported values:
 
 
 
-Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
@@ -977,7 +977,7 @@ ADMX Info:
 
 
 
-Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
 
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
@@ -1733,4 +1733,3 @@ ADMX Info:
 
                    
 
 
-
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index ad67b668bb..147c460f3b 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -295,7 +295,7 @@ SurfaceHub
 
                    The data type is boolean. Supported operation is Get and Replace.
 
 **InBoxApps/Welcome/CurrentBackgroundPath**
-
                    Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
+
                    Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
 
 
                    The data type is string. Supported operation is Get and Replace.
 
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index 4550b1717b..a0be6b4e19 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -19,7 +19,7 @@ Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy confi
 
 ## Background
 
-In addition to standard MDM policies, the Policy CSP can also handle selected set of ADMX policies. In an ADMX policy, an administrative template contains the metadata of a Window Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)). 
+In addition to standard MDM policies, the Policy CSP can also handle selected set of ADMX policies. In an ADMX policy, an administrative template contains the metadata of a Windows Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)).
 
 ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC.
 Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor:
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index a894ed2312..1fc466b83d 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -171,12 +171,11 @@ Here’s a table describing this relationship, using the PowerShell example from
 | ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. |
 | ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example, there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. |
 
- 
 ### Add script to provisioning package
- 
-When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Window Configuration Designer. 
 
-Using Windows Configuration Designer, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to: 
+When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Windows Configuration Designer.
+
+Using Windows Configuration Designer, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to:
 
 ```bat
 cmd /c InstallMyApp.bat
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index b565989431..8d4bfbfc06 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -19,13 +19,13 @@ Use these settings to configure the Account Manager service.
 
 ## Applies to
 
-| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [DeletionPolicy](#deletionpolicy) |  |  |  | ✔️ |  |
-| [EnableProfileManager](#enableprofilemanager) |  |  |  | ✔️ |  |
-| [ProfileInactivityThreshold](#profileinactivitythreshold) |  |  |  | ✔️ |  |
-| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) |  |  |  | ✔️ |  |
-| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) |  |  |  | ✔️ |  |
+| Settings | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [DeletionPolicy](#deletionpolicy) |  |  | ✔️ |  |
+| [EnableProfileManager](#enableprofilemanager) |  |  | ✔️ |  |
+| [ProfileInactivityThreshold](#profileinactivitythreshold) |  |  | ✔️ |  |
+| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) |  |  | ✔️ |  |
+| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) |  |  | ✔️ |  |
 
 >[!NOTE]
 >Although the AccountManagement settings are available in advanced provisioning for other editions, you should only use them for HoloLens devices.
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index f5ef92247d..a6462788e1 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -19,7 +19,7 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac
 
 ## Applies to
 
-| Setting groups | Desktop editions | Surface Hub | HoloLens | IoT Core |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
 | --- | :---: | :---: | :---: | :---: | 
 | [Azure](#azure) | ✔️ | ✔️ | ✔️ |  |
 | [ComputerAccount](#computeraccount) | ✔️ | ✔️ |   |  ✔️ |
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index 4f78a97183..1116a54650 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -26,10 +26,10 @@ Starting in Windows 10, version 1703, you can import (*ingest*) select Group Pol
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy)  | ✔️ |  |  |  |  |
-| [ConfigOperations](#configoperations)  | ✔️ |   |  |   |   |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy)  | ✔️ |  |  |  |
+| [ConfigOperations](#configoperations)  | ✔️ |  |   |   |
 
 ## ConfigADMXInstalledPolicy
 
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index af094faef4..36eb055038 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -19,10 +19,10 @@ Use this setting to configure single use (kiosk) devices.
 
 ## Applies to
 
-| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [AssignedAccessSettings](#assignedaccesssettings)  | ✔️ |  |  | ✔️ |  |
-| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✔️ |  |  | ✔️ |  |
+| Setting | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [AssignedAccessSettings](#assignedaccesssettings)  | ✔️ |  | ✔️ |  |
+| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✔️ |  | ✔️ |  |
 
 
 ## AssignedAccessSettings
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index f9b61ff048..3b57376dae 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -19,13 +19,13 @@ Use to configure browser settings that should only be set by OEMs who are part o
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowPrelaunch](#allowprelaunch) |  |    | ✔️ |  |  |
-| [FavoriteBarItems](#favoritebaritems) | ✔️ |    |  |  |  |
-| [Favorites](#favorites) |  |  ✔️  |  |  |  |
-| [PartnerSearchCode](#partnersearchcode)  | ✔️ | ✔️ | ✔️ |  |  |
-| [SearchProviders](#searchproviders) |   |  ✔️  |  |  |  |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [AllowPrelaunch](#allowprelaunch) |  | ✔️ |  |  |
+| [FavoriteBarItems](#favoritebaritems) | ✔️ |  |  |  |
+| [Favorites](#favorites) |  |  |  |  |
+| [PartnerSearchCode](#partnersearchcode)  | ✔️ | ✔️ |  |  |
+| [SearchProviders](#searchproviders) |   |   |  |  |
 
 
 ## AllowPrelaunch
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index e7c8301aa9..56d5c63695 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -24,26 +24,26 @@ Use to configure settings for cellular data.
 
 ## Applies to
 
- Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core 
- --- | :---: | :---: | :---: | :---: | :---: 
- PerDevice: [CellConfigurations](#cellconfigurations) |  | ✔️ |  |  |  |
- PerDevice: [CellData](#celldata)  | ✔️ | ✔️ | ✔️  |  |   
- PerDevice: [CellUX](#cellux)  | ✔️ | ✔️ | ✔️ |  | 
- PerDevice: [CGDual](#cgdual)  |  | ✔️ |  |  | 
- PerDevice: [eSim](#esim) | ✔️ | ✔️ | ✔️  |  | 
- PerDevice: [External](#external)  |  | ✔️ |  |  | 
- PerDevice: [General](#general)  |  | ✔️ |  |  | 
- PerDevice: [RCS](#rcs)  |  | ✔️ |  |  | 
- PerDevice: [SMS](#sms)  | ✔️ | ✔️ | ✔️  |  |  
- PerDevice: [UIX](#uix)  |  | ✔️ |  |  | 
- PerDevice: [UTK](#utk)  |  | ✔️ |  |  |
- PerlMSI: [CellData](#celldata2) |  | ✔️ |  |  |
- PerIMSI: [CellUX](#cellux2) |  | ✔️ |  |  |
- PerIMSI: [General](#general2) |  | ✔️ |  |  |
- PerIMSI: [RCS](#rcs2) |  | ✔️ |  |  |
- PerIMSI: [SMS](#sms2) | ✔️ | ✔️ | ✔️  |  | 
- PerIMSI: [UTK](#utk2) |  | ✔️ |  |  |
- PerIMSI: [VoLTE](#volte) |  | ✔️ |  |  |
+ Setting groups | Windows client | Surface Hub | HoloLens | IoT Core 
+ --- | :---: | :---: | :---: | :---: 
+ PerDevice: [CellConfigurations](#cellconfigurations) |  |  |  |  |
+ PerDevice: [CellData](#celldata)  | ✔️ | ✔️  |  |   
+ PerDevice: [CellUX](#cellux)  | ✔️ | ✔️ |  | 
+ PerDevice: [CGDual](#cgdual)  |  |  |  | 
+ PerDevice: [eSim](#esim) | ✔️ |  ✔️  |  | 
+ PerDevice: [External](#external)  |  |   |  | 
+ PerDevice: [General](#general)  |  |  |  | 
+ PerDevice: [RCS](#rcs)  |  |  |  | 
+ PerDevice: [SMS](#sms)  | ✔️ | ✔️  |  |  
+ PerDevice: [UIX](#uix)  |  |  |  | 
+ PerDevice: [UTK](#utk)  |  |  |  |
+ PerlMSI: [CellData](#celldata2) |  |  |  |
+ PerIMSI: [CellUX](#cellux2) |  |  |  |
+ PerIMSI: [General](#general2) |  |  |  |
+ PerIMSI: [RCS](#rcs2) |  |  |  |
+ PerIMSI: [SMS](#sms2) | ✔️ | ✔️  |  | 
+ PerIMSI: [UTK](#utk2) |  |   |  |
+ PerIMSI: [VoLTE](#volte) |  |  |  |
 
 
 ## PerDevice
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index 323e7faf03..825f43c4c2 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -21,9 +21,9 @@ Use to configure settings for cellular connections.
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️ |    |  |  |  |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️ |  |  |  |
 
 ## PerDevice
 
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index a30bcdeadc..ca41ffe27e 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -25,9 +25,9 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All setting groups | ✔️ |  ✔️ | ✔️ | ✔️ | ✔️ |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All setting groups | ✔️ |  ✔️ | ✔️ | ✔️ |
 
 
 ## CACertificates
diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md
index 0f31ecac6f..32bdc154b2 100644
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@@ -19,10 +19,10 @@ Use to remove user-installed and pre-installed applications, with the option to
 
 ## Applies to
 
-| Settings  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| CleanPCRetainingUserData | ✔️ |    |  |  |  |
-| CleanPCWithoutRetainingUserData | ✔️ |    |  |  |  |
+| Settings  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| CleanPCRetainingUserData | ✔️ |  |  |  |
+| CleanPCWithoutRetainingUserData | ✔️ |  |  |  |
 
 For each setting, the options are **Enable** and **Not configured**. 
 
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index 8dc2911a9b..5c59173b68 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -19,9 +19,9 @@ Use to configure settings related to various types of phone connections.
 
 ## Applies to
 
-| Setting groups  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings  | ✔️ |  ✔️  | ✔️ |  |  |
+| Setting groups  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings  | ✔️ | ✔️ |  |  |
 
 
 For each setting group:
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 2fdfe8372f..33b7de451b 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -19,14 +19,14 @@ Use to configure profiles that a user will connect with, such as an email accoun
 
 ## Applies to
 
-| Setting groups  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [Email](#email)  | ✔️ |  ✔️  | ✔️ |  |  |
-| [Exchange](#exchange) | ✔️ |  ✔️  | ✔️ |  |  |
-| [KnownAccounts](#knownaccounts) | ✔️ |  ✔️  | ✔️ |  |  |
-| [VPN](#vpn) | ✔️ |  ✔️  | ✔️ | ✔️ |  |
-| [WiFiSense](#wifisense) | ✔️ |  ✔️  | ✔️ |  |  |
-| [WLAN](#wlan) | ✔️ |  ✔️  | ✔️ | ✔️ |  |
+| Setting groups  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [Email](#email)  | ✔️ |  ✔️ |  |  |
+| [Exchange](#exchange) | ✔️ |  ✔️ |  |  |
+| [KnownAccounts](#knownaccounts) | ✔️ |  ✔️ |  |  |
+| [VPN](#vpn) | ✔️ |  ✔️ | ✔️ |  |
+| [WiFiSense](#wifisense) | ✔️ | ✔️ |  |  |
+| [WLAN](#wlan) | ✔️ | ✔️ | ✔️ |  |
 
 ## Email
 
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index e8cf5a0b37..81597e49d4 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -19,8 +19,8 @@ Use to configure a setting that partners must customize to ship Windows devices
 
 ## Applies to
 
-| Setting groups  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| CountryCodeForExtendedCapabilityPrompts | ✔️  | ✔️ | ✔️ |  |  |
+| Setting groups  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| CountryCodeForExtendedCapabilityPrompts | ✔️  | ✔️ |  |  |
 
 You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). 
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index 464d3c8163..e18abe6ad1 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -19,7 +19,7 @@ Do not use. Instead, use the [Personalization settings](wcd-personalization.md).
 
 ## Applies to
 
-| Setting groups  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  |  |  |  |  |
+| Setting groups  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️  |  |  |  |
 
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index 666109a375..eee860859f 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -19,22 +19,20 @@ Use to unlock developer mode on HoloLens devices and configure authentication to
 
 ## Applies to
 
-| Setting groups  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [EnableDeveloperMode](#enabledevelopermode) |   |  |  | ✔️ |  |
-| [AuthenticationMode](#authenticationmode) |   |  |  | ✔️ |  |
+| Setting groups  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [EnableDeveloperMode](#developersetupsettings-enabledevelopermode) |   |  | ✔️ |  |
+| [AuthenticationMode](#windowsdeviceportalsettings-authentication-mode) |   |  | ✔️ |  |
 
 
-
 ## DeveloperSetupSettings: EnableDeveloperMode
 
 When this setting is configured as **True**, the device is unlocked for developer functionality.
 
-
 ## WindowsDevicePortalSettings: Authentication Mode
 
 When AuthenticationMode is set to **Basic Auth**, enter a user name and password to enable the device to connect to and authenticate with the Windows Device Portal.
 
 ## Related topics
 
-- [Device Portal for HoloLens](/windows/uwp/debug-test-perf/device-portal-hololens)
\ No newline at end of file
+- [Device Portal for HoloLens](/windows/uwp/debug-test-perf/device-portal-hololens)
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index fc86909bc1..b233406d79 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -19,9 +19,9 @@ Use to identify the form factor of the device.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| DeviceForm | ✔️  | ✔️ | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| DeviceForm | ✔️  | ✔️ |  |  |
 
 Specifies the device form factor running Windows 10. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization.
 
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index 236416cf96..bb1692d17e 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -19,12 +19,12 @@ Use to configure device management settings.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [Accounts](#accounts) | ✔️  | ✔️ | ✔️ |  |  |
-| [PGList](#pglist) | ✔️  | ✔️ | ✔️ |  |  |
-| [Policies](#policies) | ✔️  | ✔️ | ✔️ |  |  |
-| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️  | ✔️ | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [Accounts](#accounts) | ✔️  | ✔️ |  |  |
+| [PGList](#pglist) | ✔️  | ✔️ |  |  |
+| [Policies](#policies) | ✔️  | ✔️ |  |  |
+| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️  | ✔️ |  |  |
 
 ## Accounts
 
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
index 3dfa2d7fe2..e72df83e2d 100644
--- a/windows/configuration/wcd/wcd-deviceupdatecenter.md
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -17,7 +17,7 @@ Do not use **DeviceUpdateCenter** settings at this time.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️  |  |  |  |
 
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index 39949ed4c4..31d0ed7b8c 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -19,9 +19,9 @@ Use to specify enterprise-specific mobile device management configuration settin
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| UpdateManagementServiceAddress | ✔️  | ✔️ | ✔️ |  | ✔️ |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| UpdateManagementServiceAddress | ✔️  | ✔️ |  | ✔️ |
 
 For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. 
 
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 79e2667cb2..aaa3c9a10e 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -19,11 +19,11 @@ Use to upgrade the edition of Windows 10 on the device. [Learn about Windows 10
 
 ## Applies to
 
-| Setting  | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [ChangeProductKey](#changeproductkey) | ✔️  | ✔️ |  |  |  |
-| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️  | ✔️ |  | ✔️ |  |
-| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️  | ✔️ |  |  |  |
+| Setting  | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [ChangeProductKey](#changeproductkey) | ✔️  |  |  |  |
+| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️  |  | ✔️ |  |
+| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️  |  |  |  |
 
 
 ## ChangeProductKey
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index 4bc834f3ac..cd505cda87 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -19,9 +19,9 @@ Use to enable AllJoyn router to work on public networks.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| EnableAllJoynOnPublicNetwork |   |  |  |  | ✔️ |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| EnableAllJoynOnPublicNetwork |   |  |  | ✔️ |
 
 Set to **True** or **False**.
 
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index 0561b8d3f4..a854a53a49 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -19,9 +19,9 @@ Use these settings to configure the out-of-box experience (OOBE) to set up HoloL
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |   |  |  | ✔️ |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |   |  | ✔️ |  |
 
 Setting | Description
 --- | ---
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index cc594611bc..1eab5f086b 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -19,8 +19,8 @@ Use to add files to the device.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| PublicDocuments | ✔️  | ✔️ | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| PublicDocuments | ✔️  | ✔️ |  |  |
 
 Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder.
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index 0db1c60a59..b8dc34d1e1 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -19,12 +19,12 @@ Use KioskBrowser settings to configure Internet sharing.
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |    |  |  | ✔️ |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |  |  |  | ✔️ |
 
 >[!NOTE]
->To configure Kiosk Browser settings for desktop editions, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser).
+>To configure Kiosk Browser settings for Windows client, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser).
 
 Kiosk Browser settings | Use this setting to
 --- | ---
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index 98ebd963b2..82adee0181 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -19,10 +19,10 @@ Use for settings related to Microsoft licensing programs.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️  |  |  |  |  |
-| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️  |  |  |  |
+| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️  |  |  |  |
 
 ## AllowWindowsEntitlementReactivation
 
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index c0617f9b4a..a2989cead5 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -18,9 +18,9 @@ Use Location settings to configure location services.
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [EnableLocation](#enablelocation) |  |    |  |  | ✔️ |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [EnableLocation](#enablelocation) |  |  |  | ✔️ |
 
 ## EnableLocation
 
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index b92e27c14e..51aacf0da3 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -18,11 +18,11 @@ Use for settings related to Maps.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [ChinaVariantWin10](#chinavariantwin10) | ✔️  | ✔️ | ✔️ |  |  |
-| [UseExternalStorage](#useexternalstorage) | ✔️  | ✔️ | ✔️ |  |  |
-| [UseSmallerCache](#usesmallercache) | ✔️  | ✔️ | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [ChinaVariantWin10](#chinavariantwin10) | ✔️  | ✔️ |  |  |
+| [UseExternalStorage](#useexternalstorage) | ✔️  | ✔️ |  |  |
+| [UseSmallerCache](#usesmallercache) | ✔️  | ✔️ |  |  |
 
 
 ## ChinaVariantWin10
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index e19c13f19c..957bc2abd1 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -18,9 +18,9 @@ Use for settings related to NetworkProxy.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |   |  | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |   | ✔️ |  |  |
 
 
 ## AutoDetect
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 80e515c380..177a49d274 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -18,9 +18,9 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |   |  | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |   | ✔️ |  |  |
 
 1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**.
 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. 
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 4245590994..9110aeec1d 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -18,35 +18,21 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️  |  |  |  |  |
-| [Desktop > HideOobe](#hided) | ✔️  |  |  |  |  |
-| [Mobile > EnforceEnterpriseProvisioning](#nforce) |   | ✔️ |  |  |  |
-| [Mobile > HideOobe](#hidem) |   | ✔️ |  |  |  |
-
-
-
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️  |  |  |  |
+| [Desktop > HideOobe](#hideoobe-for-desktop) | ✔️  |  |  |  |
 
 ## EnableCortanaVoice
 
 Use this setting to control whether Cortana voice-over is enabled during OOBE. The voice-over is disabled by default on Windows 10 Pro, Education, and Enterprise. The voice-over is enabled by default on Windows 10 Home. Select **True** to enable voice-over during OOBE, or **False** to disable voice-over during OOBE.
 
-
 ## HideOobe for desktop
 
 When set to **True**, it hides the interactive OOBE flow for Windows 10.
 
->[!NOTE]
->You must create a user account if you set the value to true or the device will not be usable.
+> [!NOTE]
+> You must create a user account if you set the value to true or the device will not be usable.
 
 When set to **False**, the OOBE screens are displayed.
 
-
-## EnforceEnterpriseProvisioning
-
-When set to **True**, it forces the OOBE flow into using the enterprise provisioning page without making the user interact with the Windows button. This is the default setting.
-
-When set to **False**, it does not force the OOBE flow to the enterprise provisioning page.
-
-
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index 08af869bd0..18b6259bdc 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -18,12 +18,12 @@ Use to configure settings to personalize a PC.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [DeployDesktopImage](#deploydesktopimage) | ✔️  |  |  |  |  |
-| [DeployLockScreenImage](#deploylockscreenimage) | ✔️  |  |  |  |  |
-| [DesktopImageUrl](#desktopimageurl) | ✔️  |  |  |  |  |
-| [LockScreenImageUrl](#lockscreenimageurl) | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [DeployDesktopImage](#deploydesktopimage) | ✔️  |  |  |  |
+| [DeployLockScreenImage](#deploylockscreenimage) | ✔️  |  |  |  |
+| [DesktopImageUrl](#desktopimageurl) | ✔️  |  |  |  |
+| [LockScreenImageUrl](#lockscreenimageurl) | ✔️  |  |  |  |
 
 ## DeployDesktopImage
 
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 1d9c4d1eee..f7629487bb 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -18,315 +18,316 @@ This section describes the **Policies** settings that you can configure in [prov
 
 ## AboveLock
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications)  | Allow Action Center notifications above the device lock screen. |  | ✔️ |  |  |  |
-| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts)  | Allow toast notifications above the device lock screen.  | ✔️  | ✔️ |   |   |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications)  | Allow Action Center notifications above the device lock screen. |  |   |  |  |
+| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts)  | Allow toast notifications above the device lock screen.  | ✔️  |   |   |  |
 
 ## Accounts
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts  | ✔️ | ✔️ |  |  |  |
-| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services  | ✔️ | ✔️ |  | ✔️ |  |
-| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | ✔️ |  |  |  |
-| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts  | ✔️ |   |  |  |
+| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services  | ✔️ |   | ✔️ |  |
+| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ |  |  |  |
+| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ |  |  |  |
 
 
 ## ApplicationDefaults
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations  | ✔️ |  |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations  | ✔️ |  |  |  |
 
 
 ## ApplicationManagement
 
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | ✔️ |  |  | ✔️ |
-| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate)  | Whether automatic update of apps from Microsoft Store is allowed  | ✔️  | ✔️ |   |   | ✔️ |
-| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock)  | Whether developer unlock of device is allowed  | ✔️  | ✔️ | ✔️  | ✔️  | ✔️ |
-| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr)  |Whether DVR and broadcasting is allowed   | ✔️  |  |   |   |  |
-| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata)  | Whether multiple users of the same app can share data  | ✔️  | ✔️ |   |   |  |
-| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore)  | Whether app store is allowed at device  |   | ✔️ |   |   |  |
-| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions)  | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc.  |   | ✔️ |   |   |  |
-| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon)  |Whether to launch an app or apps when the user signs in.   | ✔️  |  |   |   |  |
-| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume)  | Whether app data is restricted to the system drive  | ✔️  | ✔️ |   |   | ✔️ |
-| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume)  | Whether the installation of apps is restricted to the system drive   | ✔️  | ✔️ |   |   | ✔️ |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ |   |  | ✔️ |
+| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate)  | Whether automatic update of apps from Microsoft Store is allowed  | ✔️  |   |   | ✔️ |
+| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock)  | Whether developer unlock of device is allowed  | ✔️  | ✔️  | ✔️  | ✔️ |
+| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr)  |Whether DVR and broadcasting is allowed   | ✔️  |  |   |   |  
+| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata)  | Whether multiple users of the same app can share data  | ✔️  |   |   |  |
+| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore)  | Whether app store is allowed at device  |   |    |   |  |
+| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions)  | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc.  |   |   |  |  |
+| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon)  |Whether to launch an app or apps when the user signs in.   | ✔️  |   |   |  |
+| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume)  | Whether app data is restricted to the system drive  | ✔️  |   |   | ✔️ |
+| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume)  | Whether the installation of apps is restricted to the system drive   | ✔️  |   |   | ✔️ |
 
 
 
 
 ## Authentication
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | ✔️ |  | ✔️ |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ |  | ✔️ |
+| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ |  ✔️ |  | ✔️ |
+| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ |  ✔️ |  | ✔️ |
 
 
 ## BitLocker
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod)  | Specify BitLocker drive encryption method and cipher strength | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod)  | Specify BitLocker drive encryption method and cipher strength | ✔️ |  |  |  |
 
 
 ## Bluetooth
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising)  | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode)  | Whether other Bluetooth-enabled devices can discover the device  | ✔️  | ✔️ |  ✔️ | ✔️ | ✔️ |
-| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing)  | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device  | ✔️  | ✔️ | ✔️ | ✔️ | ✔️ |
-| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device  | ✔️  | ✔️ | ✔️ | ✔️ | ✔️ |
-| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename)  | Set the local Bluetooth device name  | ✔️  | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist)  | Set a list of allowable services and profiles  | ✔️  | ✔️ | ✔️  | ✔️  | ✔️ |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising)  | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ |
+| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode)  | Whether other Bluetooth-enabled devices can discover the device  | ✔️  |  ✔️ | ✔️ | ✔️ |
+| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing)  | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device  | ✔️  | ✔️ | ✔️ | ✔️ |
+| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device  | ✔️  |  ✔️ | ✔️ | ✔️ |
+| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename)  | Set the local Bluetooth device name  | ✔️  |  ✔️ | ✔️ | ✔️ |
+| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist)  | Set a list of allowable services and profiles  | ✔️  |  ✔️  | ✔️  | ✔️ |
 
 ## Browser
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  | ✔️ |  |  |  |  |
-| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill)  | Specify whether autofill on websites is allowed.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | ✔️ |  |  |  |
-[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | ✔️ |  |  |  |
-| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies)  | Specify whether cookies are allowed.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ |  |  |  |  |
-| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack)  | Specify whether Do Not Track headers are allowed.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ |  |  |  |  |
-| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash)  | Specify whether Adobe Flash can run in Microsoft Edge.  |  ✔️ |  |   |   |  |
-| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ |  |  |  |  |
-| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode)  | Specify whether full-screen mode is allowed.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate)  | Specify whether InPrivate browsing is allowed on corporate networks.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager)  | Specify whether saving and managing passwords locally on the device is allowed.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ |  |  | ✔️ |  |
-| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)  | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user.   | ✔️  |  |   |   |  |
-| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)  | Specify whether users can print web content in Microsoft Edge.   | ✔️  | ✔️ |  ✔️ |   | ✔️ |
-| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)  | Specify whether Microsoft Edge saves the browsing history.   | ✔️  |  |   |   |  |
-| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization)  | Allow search engine customization for MDM-enrolled devices.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)  | Specify whether extensions can be sideloaded in Microsoft Edge.   | ✔️  |  |   |   |  |
-| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen)  | Specify whether Windows Defender SmartScreen is allowed.  | ✔️  | ✔️ | ✔️  | ✔️  | ✔️ |
-| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)  | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed.   | ✔️  |  |   |   |  |
-| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)  | Specify whether a New tab page opens with the default content or a blank page.   | ✔️  | ✔️ | ✔️  |   | ✔️ |
-[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | ✔️ |  |  |  |
-| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ |  |  |  |  |
-| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines)  | Allows you to add up to 5 additional search engines for MDM-enrolled devices.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)  | Specify whether the Favorites bar is shown or hidden on all pages.   | ✔️  |  |   |   |  |
-| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)  | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting.  | ✔️  |  |   |   |  |
-| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)  | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device.  | ✔️  |  |   |   |  |
-| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)  | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration.  | ✔️  |  |   |   |  |
-| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)  | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting.  | ✔️  |  |   |   |  |
-| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)  | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics.  | ✔️  |  |   |   |  |
-| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ |  |  |  |  |
-[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab.  | ✔️ | ✔️ |  |  |  |
-| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist)  | Allow the user to specify a URL of an enterprise site list.  | ✔️  |  |   |   |  |
-| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ |  |  |  |  |
-| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl)  | Specify the URL that Microsoft Edge will use when it is opened for the first time.  | ✔️  | ✔️ |   |   |  |
-| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ |  |  |  |  |
-[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge.  | ✔️ | ✔️ |  |  |  |
-| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge)  | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)  | Specify whether to override security warnings about sites that have SSL errors.  | ✔️  | ✔️ |  ✔️ |   | ✔️ |
-| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ |  |  |  |  |
-| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection)  | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride)  | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ |  |  |  |  |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions)  | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names.  | ✔️  |  |   |   |  |
-| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc)  | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | ✔️ |  |  |  |
-| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ |  |  |  |  |
-| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees.  | ✔️  | ✔️ | ✔️  |   | ✔️ |
-| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)  | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option.  | ✔️  |  |   |   |  |
-| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)  | Specify a custom URL for a New tab page.  | ✔️  |  |   |   |  |
-| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ |  |  |  |  |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge)  | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge.  | ✔️  |  |   |   |  |
-| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)  | Specify whether users can make changes to the Home button.  | ✔️  |  |   |   |  |
-[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️  | ✔️ |   |   |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  | ✔️ |  |  |  |
+| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill)  | Specify whether autofill on websites is allowed.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ |   |  |  |
+[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ |   |  |  |
+| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies)  | Specify whether cookies are allowed.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ |  |  |  |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack)  | Specify whether Do Not Track headers are allowed.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ |  |  |  |
+| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash)  | Specify whether Adobe Flash can run in Microsoft Edge.  |  ✔️ |   |   |  |
+| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ |  |  |  |
+| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode)  | Specify whether full-screen mode is allowed.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate)  | Specify whether InPrivate browsing is allowed on corporate networks.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ |  ✔️ |  | ✔️ |
+| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager)  | Specify whether saving and managing passwords locally on the device is allowed.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ |  | ✔️ |  |
+| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)  | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user.   | ✔️  |    |   |  |
+| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)  | Specify whether users can print web content in Microsoft Edge.   | ✔️  |   ✔️ |   | ✔️ |
+| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)  | Specify whether Microsoft Edge saves the browsing history.   | ✔️  |   |   |  |
+| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization)  | Allow search engine customization for MDM-enrolled devices.  | ✔️  |  ✔️  |   | ✔️ |
+| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ |  | ✔️ |
+| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)  | Specify whether extensions can be sideloaded in Microsoft Edge.   | ✔️  |   |   |  |
+| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen)  | Specify whether Windows Defender SmartScreen is allowed.  | ✔️  | ✔️  | ✔️  | ✔️ |
+| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)  | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed.   | ✔️  |    |   |  |
+| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)  | Specify whether a New tab page opens with the default content or a blank page.   | ✔️  |  ✔️  |   | ✔️ |
+[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ |   |  |  |
+| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ |   |  |  |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines)  | Allows you to add up to 5 additional search engines for MDM-enrolled devices.  | ✔️  |  ✔️  |   | ✔️ |
+| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)  | Specify whether the Favorites bar is shown or hidden on all pages.   | ✔️  |   |   |  |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)  | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting.  | ✔️  |   |   |  |
+| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)  | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device.  | ✔️  |   |   |  |
+| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)  | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration.  | ✔️  |   |   |  |
+| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)  | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting.  | ✔️  |   |   |  |
+| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)  | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics.  | ✔️  |    |   |  |
+| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ |  |  |  |
+[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab.  | ✔️ | ✔️ |  |  |
+| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist)  | Allow the user to specify a URL of an enterprise site list.  | ✔️  |    |   |  |
+| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ |  |  |  |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl)  | Specify the URL that Microsoft Edge will use when it is opened for the first time.  | ✔️  |   |   |  |
+| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ |   |  |  |
+[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge.  | ✔️ |   |  |  |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge)  | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features.  | ✔️  |  ✔️  |   | ✔️ |
+| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)  | Specify whether to override security warnings about sites that have SSL errors.  | ✔️  |   ✔️ |   | ✔️ |
+| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ |  |  |  |
+| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection)  | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.  | ✔️  |  ✔️  |   | ✔️ |
+| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride)  | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites.  | ✔️  |  ✔️  |   | ✔️ |
+| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ |  ✔️ |  | ✔️ |
+PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ |  |  |  |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions)  | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names.  | ✔️  |   |   |  |
+| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc)  | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol.  | ✔️  |  ✔️  |   | ✔️ |
+[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ |   |  |  |
+| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ |   |  |  |
+| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees.  | ✔️  |  ✔️  |   | ✔️ |
+| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)  | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option.  | ✔️  |   |   |  |
+| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)  | Specify a custom URL for a New tab page.  | ✔️  |   |   |  |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ |   |  |  |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge)  | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge.  | ✔️  |    |   |  |
+| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)  | Specify whether users can make changes to the Home button.  | ✔️  |    |   |  |
+[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️  |   |   |  |
 
 
 ## Camera
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | ✔️ |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ |  ✔️ |  |  |
 
 
 ## Connectivity
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. |  | ✔️ |  |  | ✔️ |
-| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. |  | ✔️ |  |  | ✔️ |
-| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences.  | ✔️ | ✔️ | ✔️ |  | ✔️ |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ |  ✔️ | ✔️ | ✔️ |
+| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ |  | ✔️ |
+| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ |  | ✔️ |
+| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ |  | ✔️ |
+| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. |  |   |  | ✔️ |
+| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. |  |   |  | ✔️ |
+| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ |  ✔️ |  | ✔️ |
+| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ |  | ✔️ |
+| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ |  | ✔️ |
+| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences.  | ✔️ |  ✔️ |  | ✔️ |
 
 ## CredentialProviders
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ |  |  |  |
 
 ## Cryptography
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | ✔️ |  |  |  |
-| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites)  | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.  | ✔️  | ✔️ |   |   |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ |   |  |  |
+| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites)  | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.  | ✔️  |   |   |  |
 
 ## Defender
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ |  |  |  |  |
-| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring)  | Allow or disallow Windows Defender Behavior Monitoring functionality.  |  ✔️ |  |   |   |  |
-| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ |  |  |  |  |
-| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning)  | Allow or disallow scanning of email.  |  ✔️ |  |   |   |  |
-| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ |  |  |  |  |
-| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning)  | Allow or disallow a full scan of removable drives.  |  ✔️ |  |   |   |  |
-| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection)  | Allow or disallow Windows Defender IOAVP Protection functionality.  |  ✔️ |  |   |   |  |
-| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ |  |  |  |  |
-| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring)  | Allow or disallow Windows Defender Realtime Monitoring functionality.  |  ✔️ |  |   |   |  |
-| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files.  | ✔️ |  |  |  |  |
-| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ |  |  |  |  |
-| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess)  | Allow or disallow user access to the Windows Defender UI.  |  ✔️ |  |   |   |  |
-| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | ✔️ |  |  |  |  |
-| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware)  | Specify time period (in days) that quarantine items will be stored on the system.  |  ✔️ |  |   |   |  |
-| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | ✔️ |  |  |  |  |
-| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths)  | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|.  |  ✔️ |  |   |   |  |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ |  |  |  |  |
-| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection)  | Control which sets of files should be monitored.  |  ✔️ |  |   |   |  |
-| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ |  |  |  |  |
-| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime)  | Specify the time of day that Windows Defender quick scan should run.  |  ✔️ |  |   |   |  |
-| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ |  |  |  |  |
-| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime)  | Select the time of day that the Windows Defender scan should run.  |  ✔️ |  |   |   |  |
-| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ |  |  |  |  |
-| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ |  |  |  |  |
-| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction)  | Specify any valid threat severity levels and the corresponding default action ID to take.  |  ✔️ |  |   |   |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ |  |  |  |
+| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring)  | Allow or disallow Windows Defender Behavior Monitoring functionality.  |  ✔️ |   |   |  |
+| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ |   |  |  |
+| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning)  | Allow or disallow scanning of email.  |  ✔️ |    |   |  |
+| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ |  |  |  |
+| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning)  | Allow or disallow a full scan of removable drives.  |  ✔️ |   |   |  |
+| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ |  |  |  |
+| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection)  | Allow or disallow Windows Defender IOAVP Protection functionality.  |  ✔️ |   |   |  |
+| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ |  |  |  |
+| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring)  | Allow or disallow Windows Defender Realtime Monitoring functionality.  |  ✔️ |   |   |  |
+| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files.  | ✔️ |   |  |  |
+| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ |   |  |  |
+| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess)  | Allow or disallow user access to the Windows Defender UI.  |  ✔️ |   |   |  |
+| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ |  |  |  |
+| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware)  | Specify time period (in days) that quarantine items will be stored on the system.  |  ✔️ |   |   |  |
+| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ |  |  |  |
+| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths)  | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|.  |  ✔️ |   |   |  |
+| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ |  |  |  |
+| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection)  | Control which sets of files should be monitored.  |  ✔️ |   |   |  |
+| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ |  |  |  |
+| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime)  | Specify the time of day that Windows Defender quick scan should run.  |  ✔️ |   |   |  |
+| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ |  |  |  |
+| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime)  | Select the time of day that the Windows Defender scan should run.  |  ✔️ |   |   |  |
+| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ |  |  |  |
+| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ |  |  |  |
+| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction)  | Specify any valid threat severity levels and the corresponding default action ID to take.  |  ✔️ |   |   |  |
 
 ## DeliveryOptimization
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ |  |  |  |  |
-| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ |  |  |  |  |
-| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ |  |  |  |  |
-| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ |  |  |  |  |
-| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ |  |  |  |  |
-| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ |  |  |  |  |
-| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ |  |  |  |  |
-| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ |  |  |  |  |
-| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ |  |  |  |  |
-| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ |  |  |  |  |
-| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization.  | ✔️ |  |  |  |  |
-| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ |  |  |  |  |
-| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ |  |  |  |  |
-| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | ✔️ |  |  |  |  |
-| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ |  |  |  |  |
-| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | ✔️ |  |  |  |  |
-| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ |  |  |  |  |
-| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ |  |  |  |  |
-| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |  |
-| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |  |
-| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |  |
-| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ |  |  |  |  |
-| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.  | ✔️ |  |  |  |  |
-| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ |  |  |  |
+| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ |  |  |  |
+| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ |  |  |  |
+| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ |  |  |  |
+| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ |   |  |  |
+| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ |  |  |  |
+| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ |  |  |  |
+| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ |   |  |  |
+| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ |   |  |  |
+| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ |  |  |  |
+| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization.  | ✔️ |  |  |  |
+| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ |  |  |  |
+| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ |  |  |  |
+| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ |  |  |  |
+| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ |  |  |  |
+| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ |  |  |  |
+| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ |  |  |  |
+| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ |   |  |  |
+| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |   |  |  |
+| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |
+| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |
+| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ |  |  |  |
+| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.  | ✔️ |  |  |  |
+| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ |  |  |  |
 
 ## DeviceGuard
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services.  | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services.  | ✔️ |  |  |  |
 
 ## DeviceLock
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. |  | ✔️ |  |  |  |
-| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. |  | ✔️ |  |  |  |
-| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | ✔️ |  | ✔️ |  |
-|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired)  | Select the type of PIN or password required.  | ✔️ | ✔️ |  | ✔️ |  |
-| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | ✔️ |  | ✔️ |  |
-| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | ✔️ |  | ✔️ |  |
-| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | ✔️ |  | ✔️ |  |
-| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | ✔️ |  | ✔️ |  |
-| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.  | ✔️ | ✔️ |  | ✔️ |  |
-| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | ✔️ |  | ✔️ |  |
-| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | ✔️ |  | ✔️ |  |
-| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. |  | ✔️ |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. |  |   |  |  |
+| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. |  |   |  |  |
+| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ |  | ✔️ |  |
+|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired)  | Select the type of PIN or password required.  | ✔️ |   | ✔️ |  |
+| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ |   | ✔️ |  |
+| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ |   | ✔️ |  |
+| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ |   | ✔️ |  |
+| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ |   | ✔️ |  |
+| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.  | ✔️ |   | ✔️ |  |
+| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ |   | ✔️ |  |
+| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ |   | ✔️ |  |
+| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. |  |   |  |  |
 
 
 ## DeviceManagement
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ |   |  |  |
 
 
 
 ## Experience
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. |  | ✔️ |  |  |  |
-| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | ✔️ |  | ✔️ |  |
-| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI.  | ✔️ | ✔️ |  |  |  |
-| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | ✔️ |  |  |  |
-| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account.  | ✔️ | ✔️ |  | ✔️ |  |
-| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. |  | ✔️ |  |  |  |
-| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. |  | ✔️ |  |  |  |
-| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | ✔️ |  |  |  |
-| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ |  |  |  |  |
-| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. |  | ✔️ |  |  |  |
-| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ |  |  |  |  |
-| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. |  | ✔️ |  |  |  |
-| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ |  |  |  |  |
-| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once.  | ✔️ |  |  |  |  |
-| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ |  |  |  |  |
-| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ |  |  |  |  |
-| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ |  |  |  |  |
-| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. |  |  |  |  |
+| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ |   | ✔️ |  |
+| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI.  | ✔️ |   |  |  |
+| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ |   |  |  |
+| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account.  | ✔️ |   | ✔️ |  |
+| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. |  |   |  |  |
+| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. |  |   |  |  |
+| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ |   |  |  |
+| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ |  |  |  |
+| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. |  |   |  |  |
+| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ |  |  |  |
+| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. |  |   |  |  |
+| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ |  |  |  |
+| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once.  | ✔️ |  |  |  |
+| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | |  |  |
+| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ |  |  |  |
+| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ |  |  |  |
+| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ |  |  |  |
 
 ## ExploitGuard
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ |   |  |  |
 
 
 ## Games
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ |  |  |  |
 
 
 ## KioskBrowser
 
 These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ |  |  |  |  |
-[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ |  |  |  |  |
-[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart.  | ✔️ |  |  |  |  |
-[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button.  | ✔️ |  |  |  |  |
-[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button.  | ✔️ |  |  |  |  |
-[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ |  |  |  |  |
-[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ |  |  |  |
+|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ |  |  |  |
+|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart.  | ✔️ |  |  |  |
+|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button.  | ✔️ |  |  |  |
+|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button.  | ✔️ |  |  |  |
+|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ |  |  |  |
+|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ |  |  |  |
 
 To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
 
@@ -339,252 +340,253 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
 
 ## LocalPoliciesSecurityOptions
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ |  |  |  |  |
-| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ |  |  |  |  |
-| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ |  |  |  |
+| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ |   |  |  |
+| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ |  |  |  |
 
 ## Location
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. |  |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. |  |  |  |  |
 
 ## Power
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ |  |  |  |  |
-| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ |  |  |  |  |
-| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ |  |  |  |  |
-| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ |  |  |  |  |
-| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery.  | ✔️ |  |  |  |  |
-| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ |  |  |  |  |
-| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ |  |  |  |  |
-| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in.   | ✔️ |  |  |  |  |
-| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ |  |  |  |  |
-| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ |  |  |  |  |
-| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ |  |  |  |  |
-| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ |  |  |  |  |
-| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery.  | ✔️ |  |  |  |  |
-| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ |  |  |  |  |
-| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ |  |  |  |  |
-| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ |  |  |  |  |
-| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ |  |  |  |  |
-| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ |  |  |  |  |
-| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ |  |  |  |  |
-| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ |  |  |  |  |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ |  |  |  |  |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in.  | ✔️ |  |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ |  |  |  |
+| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ |  |  |  |
+| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ |  |  |  |
+| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ |  |  |  |
+| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery.  | ✔️ |  |  |  |
+| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ |  |  |  |
+| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ |  |  |  |
+| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in.   | ✔️ |  |  |  |
+| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ |  |  |  |
+| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ |  |  |  |
+| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ |  |  |  |
+| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ |  |  |  |
+| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery.  | ✔️ |  |  |  |
+| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ |  |  |  |
+| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ |   |  |  |
+| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ |  |  |  |
+| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ |  |  |  |
+| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ |   |  |  |
+| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ |   |  |  |
+| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ |  |  |  |
+| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ |  |  |  |
+| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in.  | ✔️ |  |  |  |
 
 ## Privacy
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. |  | ✔️ |  |  |  |
-| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | ✔️ |  | ✔️ |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. |  |   |  |  |
+| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ |   | ✔️ |  |
 
 
 ## Search
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T   | ✔️ | ✔️ |  |  |  |
-[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow.    | ✔️ |  |  |  |  |
-| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | ✔️ |  |  |  |
-| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | ✔️ |  | ✔️ |  |
-| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | ✔️ |  |  |  |
-| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

                    - **Off** setting disables Windows indexer
                    - **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
                    - **Enterprise** setting reduces potential network loads for enterprises
                    - **Standard** setting is appropriate for consuemrs | ✔️ | ✔️ |  |  |  |
-| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | ✔️ |  |  |  |
-| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | ✔️ |  |  |  |
-| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | ✔️ |  |  |  |
-| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | ✔️ |  |  |  |
-| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | ✔️ |  |  |  |
-| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | ✔️ |  |  |  |
-| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. |  | ✔️ |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T   | ✔️ |   |  |  |
+[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow.    | ✔️ |   |  |  |
+| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ |   |  |  |
+| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ |   | ✔️ |  |
+| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ |   |  |  |
+| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

                    - **Off** setting disables Windows indexer
                    - **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
                    - **Enterprise** setting reduces potential network loads for enterprises
                    - **Standard** setting is appropriate for consumers | ✔️ |   |  |  |
+| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ |  |  |  |
+| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ |   |  |  |
+| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ |   |  |  |
+| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ |   |  |  |
+| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ |   |  |  |
+| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ |   |  |  |
+| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. |  |   |  |  |
 
 
 
 ## Security
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. |  | ✔️ |  |  |  |
-| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. |  | ✔️ |  |  |  |
-| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ |  ✔️ |  | ✔️ |
+| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. |  |   |  |  |
+| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ |  ✔️ |  | ✔️ |
+| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. |  |   |  |  |
+| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ |  ✔️ | ✔️ | ✔️ |
+| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ |  ✔️ |  | ✔️ |
+| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✔️ |   |  |  |
 
 ## Settings
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. |  | ✔️ |  |  |  |
-| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. |  | ✔️ |  |  |  |
-| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. |  | ✔️ |  | ✔️ |  |
-| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ |  |  |  |  |
-[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons.  | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. |  |   |  |  |
+| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. |  |   |  |  |
+| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. |  |   | ✔️ |  |
+| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ |   |  |  |
+[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons.  | ✔️ |   |  |  |
 
 ## Start
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ |  |  |  |  |
-| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu.  | ✔️ |  |  |  |  |
-| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos)  |Control the visibility of the Videos shortcut on the Start menu.   | ✔️ |  |  |  |  |
-DisableContextMenus | Prevent context menus from being invoked in the Start menu.  | ✔️ |  |  |  |  |
-| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ |  |  |  |  |
-| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ |  |  |  |  |
-| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ |  |  |  |  |
-| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start.  | ✔️ |  |  |  |  |
-| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ |  |  |  |  |
-| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ |  |  |  |  |
-| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ |  |  |  |  |
-| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ |  |  |  |  |
-| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ |  |  |  |  |
-| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ |  |  |  |  |
-| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ |  |  |  |  |
-| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button.  | ✔️ |  |  |  |  |
-| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ |  |  |  |  |
-| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ |  |  |  |  |
-| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ |  |  |  |  |
-| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile)  |  Hide the user tile. | ✔️ |  |  |  |  |
-| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md).  | ✔️ |  |  |  |  |
-| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ |  |  |  |  |
-| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ |  |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ |  |  |  |
+| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu.  | ✔️ |  |  |  |
+| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu.  | ✔️ |   |  |  |
+| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu.  | ✔️ |  |  |  |
+| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu.  | ✔️ |  |  |  |
+| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu.  | ✔️ |  |  |  |
+| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu.  | ✔️ |  |  |  |  
+| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu.  | ✔️ |  |  |  |
+| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu.  | ✔️ |  |  |  |  
+| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos)  |Control the visibility of the Videos shortcut on the Start menu.   | ✔️ |  |  |  |
+| DisableContextMenus | Prevent context menus from being invoked in the Start menu.  | ✔️ |  |  |  |
+| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ |  |  |  |
+| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ |   |  |  |
+| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ |   |  |  |
+| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start.  | ✔️ |  |  |  |
+| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ |  |  |  |
+| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ |  |  |  |
+| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ |  |  |  |
+| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ |  |  |  |
+| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ |  |  |  |
+| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ |  |  |  |
+| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ |   |  |  |
+| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button.  | ✔️ |  |  |  |
+| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ |  |  |  |
+| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ |  |  |  |
+| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ |  |  |  |
+| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile)  |  Hide the user tile. | ✔️ |  |   |  |
+| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md).  | ✔️ |  |  |  |
+| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ |  |  |  |
+| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ |  |  |  |
 
 ## System
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | ✔️ |  |  |  |
-| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | ✔️ |  |  |  |
-| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | ✔️ |  | ✔️ |
-| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | ✔️ |  | ✔️ |  |
-| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | ✔️ |  |  |  |
-ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings.  | ✔️ | ✔️ |  |  |  |
-ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings  | ✔️ | ✔️ |  |  |  |
-| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | ✔️ |  |  |  |
-| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | ✔️ |  |  |  |
-| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ |  |  |  |  |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.  | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ |  |  |  |
+| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ |  ✔️ |  | ✔️ |
+| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ |  |  | |
+| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ |   ✔️ | ✔️ |  ✔️ |
+| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ |  ✔️ |  | ✔️ |
+| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ |  |
+| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ |  | |  |
+ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings.  | ✔️ |  |  |  |
+ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings  | ✔️ |  |  |  |
+| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ |  |  |  |
+| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ |  |  |  |
+| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | |  |  |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.  | ✔️ |  |  |  |
 
 
 ## TextInput
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ |  |  |  |  |
-| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ |  |  |  |  |
-| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ |  |  |  |  |
-| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ |  |  |  |  |
-| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ |  |  |  |  |
-| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ |  |  |  |  |
-| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ |  |  |  |  |
-| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ |  |  |  |  |
-| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ |  |  |  |  |
-| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)  |  |  |  |  |  |
-| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter.  | ✔️ |  |  |  |  |
-| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter.  | ✔️ |  |  |  |  |
-| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ |  |  |  |
+| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ |  |  |  |
+| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ |  |  |  |
+| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ |  |  |  |
+| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ |  |  |  |
+| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ |   |  |  |
+| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ |  |  |  |
+| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ |  |  |  |
+| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ |  |  |  |
+| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)  |  |  |  |  |  
+| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter.  | ✔️ |  |  |  |
+| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter.  | ✔️ |  |  |  |
+| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ |  |  |  |
 
 
 ## TimeLanguageSettings
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. |  | ✔️ |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. |  |  |  |  |
 
 
 ## Update
 
-|                                                                                                   Setting                                                                                                    |                                                                      Description                                                                      | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:|:--------:|
-|                                    [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend)                                    |                    Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled.                    |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                               [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange)                               |                                                        Specify the maximum active hours range.                                                        |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                  [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart)                                  |                    Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled.                     |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                   [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate)                                   |                                      Configure automatic update behavior to scan, download, and install updates.                                      |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|            [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)            |          Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed.           |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                              [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice)                              |                                             Manage whether to scan for app updates from Microsoft Update.                                             |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                     [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate)                     |  Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location.  |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice)                                |                    Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.                    |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                             [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)                             |          Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending.           |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|            [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates)            |          Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending.           |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                   [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule)                   |                                              Specify the period for auto-restart reminder notifications.                                              |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|          [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal)          |                                   Specify the method by which the auto-restart required notification is dismissed.                                    |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                              [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel)                              |                                               Select which branch a device receives their updates from.                                               |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                   [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays)                   |                                                Defer Feature Updates for the specified number of days.                                                |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                   [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays)                   |                                                Defer Quality Updates for the specified number of days.                                                |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                           [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod)                                           |                                                       Specify update delays for up to 4 weeks.                                                        |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                          [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod)                                          |                                                      Specify upgrade delays for up to 8 months.                                                       |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency)                                |                                           Specify the frequency to scan for updates, from every 1-22 hours.                                           |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                             [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan)                                             |                                     Do not allow update deferral policies to cause scans against Windows Update.                                      |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                            [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline)                            |                 Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours.                 |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|           [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates)           |                 Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours.                 |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                      [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule)                      |                                 Specify the number of days a user can snooze Engaged restart reminder notifications.                                  |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|     [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates)     |                                 Specify the number of days a user can snooze Engaged restart reminder notifications.                                  |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                  [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule)                  | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                   [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate)                   |                                              Exclude Windws Update (WU) drivers during quality updates.                                               |        ✔️         |                 |      ✔️      |          |    ✔️     |
-|                              [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls)                              |                            Allow Windows Update Agent to determine the download URL when it is missing from the metadata.                             |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                                                                             ManagePreviewBuilds                                                                                              |                                                       Use to enable or disable preview builds.                                                        |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                                                                           PhoneUpdateRestrictions                                                                                            |                                                                      Deprecated                                                                       |                  |        ✔️        |             |          |          |
-|                               [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade)                               |                                      Configure device to receive updates from Current Branch for Business (CBB).                                      |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                               [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday)                               |                                                       Schedule the day for update installation.                                                       |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                   [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)                                   |                                           To schedule update installation every week, set the value as `1`.                                           |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                   [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek)                                   |                                  To schedule update installation the first week of the month, see the value as `1`.                                   |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                  [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek)                                  |                                  To schedule update installation the fourth week of the month, see the value as `1`.                                  |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                  [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek)                                  |                                  To schedule update installation the second week of the month, see the value as `1`.                                  |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                                   [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek)                                   |                                  To schedule update installation the third week of the month, see the value as `1`.                                   |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                              [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime)                              |                                                      Schedule the time for update installation.                                                       |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                    [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning)                    |                                          Specify the period for auto-restart imminent warning notifications.                                          |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                            [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning)                            |                                          Specify the period for auto-restart warning reminder notifications.                                          |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                 [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable)                 |                                             Disable auto-restart notifications for update installations.                                              |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                           [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess)                           |                                                        Disable access to scan Windows Update.                                                         |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                              [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess)                              |                                                        Disable the **Pause updates** feature.                                                         |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                     [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart)                                     |                            Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime.                            |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                                                                           UpdateNotificationLevel                                                                                            |                            Specify whether to enable or disable Windows Update notifications, including restart warnings.                             |        ✔️         |        ✔️        |      ✔️      |          |    ✔️     |
-|                                  [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl)                                  |                               Configure the device to check for updates from a WSUS server instead of Microsoft Update.                               |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
-|                         [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate)                         |                                      Specify an alternate intranet server to host updates from Microsoft Update.                                      |        ✔️         |        ✔️        |      ✔️      |    ✔️     |    ✔️     |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|---------|-------------|:--------------:|:-----------:|:--------:|:--------:|
+| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ |
+| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ |
+| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
+| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
+| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
+| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ |
+| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
+| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
+| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
+| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
+| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
+| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ |
+| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
+| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
+| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ |
+| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ |
+| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ |
+| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ |
+| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ |
+| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ |
+| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ |
+| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
+| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
 
 ## WiFi
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | ✔️ |  |  |  |
-| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | ✔️ |  |  |  |
-| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. |  | ✔️ |  |  |  |
-| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. |  | ✔️ |  |  |  |
-| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | ✔️ |  | ✔️ |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ |  |  |  |
+| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ |   |  |  |
+| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. |  |   |  |  |
+| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. |  |   |  |  |
+| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ |  | ✔️ |
 
 ## WindowsInkWorkspace
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ |  |  |  |  |
-| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ |  |  |  |  |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ |  |  |  |
+| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ |  |  |  |
 
 
 ## WindowsLogon
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ |  |  |  |  |
+
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | 
+| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ |  |  |  |
 
 ## WirelessDisplay
 
-| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub.  | ✔️ | ✔️ |  |  |  |
+| Setting | Description | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: |  :---: | :---: | :---: |
+| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub.  | ✔️ |   |  |  |
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index 5904abff0c..867728c6b3 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -17,9 +17,9 @@ Use **Privacy** to configure settings for app activation with voice.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  | ✔️ | ✔️ |  | ✔️ |
+| Setting   | Windows client |  Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️  |  ✔️ |  | ✔️ |
 
 ## LetAppsActivateWithVoice
 
@@ -27,4 +27,4 @@ Select between **User is in control**, **Force allow**, or **Force deny**.
 
 ## LetAppsActivateWithVoiceAboveLock
 
-Select between **User is in control**, **Force allow**, or **Force deny**.
\ No newline at end of file
+Select between **User is in control**, **Force allow**, or **Force deny**.
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index 51ca4daddb..dab5b939b7 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -19,9 +19,9 @@ Use ProvisioningCommands settings to install Windows desktop applications using
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings | ✔️  |  |  |  |  
 
 For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md).
 
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 2cee7eec84..3dd25e3954 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -20,9 +20,9 @@ Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as t
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings | ✔️  |  |  |  |
 
 ## AccountManagement
 
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index f378d5f114..ed3dbc5df6 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -19,9 +19,9 @@ Use SMISettings settings to customize the device with custom shell, suppress Win
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings | ✔️  |  |  |  |
 
 ## All settings in SMISettings
 
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index cd1ddd0c36..b5e9674a75 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -19,12 +19,12 @@ Use Start settings to apply a customized Start screen to devices.
 
 ## Applies to
 
-| Setting   | Desktop editions | Surface Hub | HoloLens | IoT Core |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
 | --- | :---: | :---: | :---: | :---: | 
 | StartLayout | ✔️  | |  |  |
 
 >[!IMPORTANT]
->The StartLayout setting is available in the advanced provisioning for Windows 10 desktop editions, but shouldn't be used. For desktop editions, use [Policies > StartLayout](wcd-policies.md#start).
+>The StartLayout setting is available in the advanced provisioning for Windows 10, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start).
 
 ## StartLayout
 
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 84b5fbc1cd..49815cf169 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -19,8 +19,8 @@ Use StartupApp settings to configure the default app that will run on start for
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| Default |  |  |  |  |  ✔️ |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| Default |  |  |  |  ✔️ |
 
 Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 375b29173c..7d169c131d 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -19,7 +19,7 @@ Documentation not available at this time.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |  |  |  |  ✔️ |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |  |  |  |  ✔️ |
 
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index bf25d4dfd0..d48b954521 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -22,6 +22,6 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️  | ✔️ | ✔️ |  | ✔️ |
\ No newline at end of file
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings | ✔️  | ✔️ |  | ✔️ |
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index d0492b9ac5..edf2a819ed 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -24,9 +24,9 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |  | ✔️ |  |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings |   | ✔️ |  |   |
 
 
 ## GroupName
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 6f1c67bfb8..e97c3ebf6e 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -19,9 +19,9 @@ Use TabletMode to configure settings related to tablet mode.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️ | ✔️ | ✔️ |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️ | ✔️ |  |  |
 
 ## ConvertibleSlateModePromptPreference
 
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index 0f3d22d642..f9f3708a13 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -19,9 +19,9 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️ |  |  |  |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️ |  |  |   |
 
 ## AllowScreenMonitoring
 
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 1efcbc613a..259df9fdd1 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -17,9 +17,9 @@ Use **Time** to configure settings for time zone setup for Windows 10, version (
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️  |  |  |  |  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ |  |  |  |
 
 ## ProvisionSetTimeZone
 
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 2463513137..c5586d1c3a 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -40,9 +40,9 @@ The overlay doesn't mirror the entire volume. It dynamically grows to keep track
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | ✔️ |  |  |  |  ✔️ |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings | ✔️ |  |  |  ✔️ |
 
 ## FilterEnabled
 
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index 2085c5e99a..0822937da4 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -22,13 +22,13 @@ Use UniversalAppInstall settings to install Windows apps from the Microsoft Stor
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [DeviceContextApp](#devicecontextapp) | ✔️ |  | ✔️ |  |   |
-| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ |  | ✔️ |  |   |
-| [StoreInstall](#storeinstall) | ✔️ | ✔️ | ✔️ |  | ✔️  |
-| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | ✔️ |  | ✔️  |
-| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | ✔️ |  | ✔️  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ |  |   |
+| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ |  |   |
+| [StoreInstall](#storeinstall) | ✔️ |  ✔️ |  | ✔️  |
+| [UserContextApp](#usercontextapp) | ✔️ |  ✔️ |  | ✔️  |
+| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ |  | ✔️  |
 
 ## DeviceContextApp
 
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 0ae1ade853..625891ae05 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -20,10 +20,10 @@ Use UniversalAppUninstall settings to uninstall or remove Windows apps.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ |  |  |  |   |
-| [Uninstall](#uninstall) | ✔️ | ✔️ | ✔️ |  | ✔️  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ |  |  |   |
+| [Uninstall](#uninstall) | ✔️ | ✔️ |  | ✔️  |
 
 ## RemoveProvisionedApp
 
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 9b4fc26665..3eb9975d01 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -20,9 +20,9 @@ Allows an OEM to hide the USB option UI in Settings and all USB device errors.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | ✔️ |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ |   |
 
 ## HideUsbErrorNotifyOptionUI
 
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 0f57e581fd..ce9f3ab265 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -20,10 +20,10 @@ Use WeakCharger settings to configure the charger notification UI.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | ✔️ |  |   |
-| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | ✔️ |  |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ |  |   |
+| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ |  |   |
 
 
 ## HideWeakChargerNotifyOptionUI
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index d000b9facc..fc0d8fbd54 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -19,9 +19,9 @@ Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for
 
 ## Applies to
 
-| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [SecurityKeys](#securitykeys) | ✔️ |    |  |  |  |
+| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [SecurityKeys](#securitykeys) | ✔️ |  |  |  |
 
 ## SecurityKeys
 
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index a4e82b4a0e..9307518bf1 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -20,9 +20,9 @@ Use WindowsTeamSettings settings to configure Surface Hub.
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |  | ✔️ |  |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| All settings |  | ✔️ |  |   |
 
 ## Connect
 
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 2a746063eb..8b931bc90a 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -20,7 +20,7 @@ Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connecti
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings |  |  |  |  |   |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: |
+| All settings |  |  |  |   |
 
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index 48f7826dc9..e810f28679 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -20,9 +20,9 @@ Use Workplace settings to configure bulk user enrollment to a mobile device mana
 
 ## Applies to
 
-| Setting   | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [Enrollments](#enrollments) | ✔️ | ✔️ | ✔️ |  | ✔️  |
+| Setting   | Windows client | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | 
+| [Enrollments](#enrollments) | ✔️ | ✔️ |  | ✔️  |
 
 ## Enrollments
 
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 0d09e59143..952a247ff3 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -18,7 +18,7 @@ This section describes the settings that you can configure in [provisioning pack
 
 ## Edition that each group of settings applies to
 
-| Setting group | Desktop editions | Surface Hub | HoloLens | IoT Core |
+| Setting group | Windows client | Surface Hub | HoloLens | IoT Core |
 | --- | :---: | :---: | :---: | :---: | 
 | [AccountManagement](wcd-accountmanagement.md) |  |  | ✔️ |  |
 | [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ |
diff --git a/windows/deployment/deploy-windows-mdt/TOC.yml b/windows/deployment/deploy-windows-mdt/TOC.yml
index 3f4a5f1d0d..51493a1083 100644
--- a/windows/deployment/deploy-windows-mdt/TOC.yml
+++ b/windows/deployment/deploy-windows-mdt/TOC.yml
@@ -1,23 +1,23 @@
-- name: Deploy Windows 11 with the Microsoft Deployment Toolkit (MDT)
+- name: Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT)
   items: 
     - name: Get started with MDT
       href: get-started-with-the-microsoft-deployment-toolkit.md
-    - name: Deploy Windows 11 with MDT
+    - name: Deploy Windows 10 with MDT
       items: 
         - name: Prepare for deployment with MDT
           href: prepare-for-windows-deployment-with-mdt.md
-        - name: Create a Windows 11 reference image
-          href: create-a-windows-11-reference-image.md
-        - name: Deploy a Windows 11 image using MDT
-          href: deploy-a-windows-11-image-using-mdt.md
-        - name: Build a distributed environment for Windows 11 deployment
-          href: build-a-distributed-environment-for-windows-deployment.md
-        - name: Refresh a Windows 10 computer with Windows 11
-          href: refresh-a-windows-10-computer-with-windows-11.md
-        - name: Replace a Windows 10 computer with a Windows 11 computer
-          href: replace-a-windows-10-computer-with-a-windows-11-computer.md
-        - name: Perform an in-place upgrade to Windows 11 with MDT
-          href: upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md
+        - name: Create a Windows 10 reference image
+          href: create-a-windows-10-reference-image.md
+        - name: Deploy a Windows 10 image using MDT
+          href: deploy-a-windows-10-image-using-mdt.md
+        - name: Build a distributed environment for Windows 10 deployment
+          href: build-a-distributed-environment-for-windows-10-deployment.md
+        - name: Refresh a Windows 7 computer with Windows 10
+          href: refresh-a-windows-7-computer-with-windows-10.md
+        - name: Replace a Windows 7 computer with a Windows 10 computer
+          href: replace-a-windows-7-computer-with-a-windows-10-computer.md
+        - name: Perform an in-place upgrade to Windows 10 with MDT
+          href: upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
     - name: Customize MDT
       items: 
         - name: Configure MDT settings
@@ -28,10 +28,10 @@
           href: configure-mdt-deployment-share-rules.md
         - name: Configure MDT for UserExit scripts
           href: configure-mdt-for-userexit-scripts.md
-        - name: Simulate a Windows 11 deployment in a test environment
-          href: simulate-a-windows-11-deployment-in-a-test-environment.md
-        - name: Use the MDT database to stage Windows deployment information
-          href: use-the-mdt-database-to-stage-windows-deployment-information.md
+        - name: Simulate a Windows 10 deployment in a test environment
+          href: simulate-a-windows-10-deployment-in-a-test-environment.md
+        - name: Use the MDT database to stage Windows 10 deployment information
+          href: use-the-mdt-database-to-stage-windows-10-deployment-information.md
         - name: Assign applications using roles in MDT
           href: assign-applications-using-roles-in-mdt.md
         - name: Use web services in MDT
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index 21bf379b8e..453515a466 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Assign applications using roles in MDT
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this topic, the application we are adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
 
 ## Create and assign a role entry in the database
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
similarity index 85%
rename from windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-deployment.md
rename to windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index b47530ab45..c05e2b7c67 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -1,12 +1,12 @@
 ---
-title: Build a distributed environment for Windows 11 deployment (Windows 11)
-description: In this topic, you will learn how to replicate your Windows 11 deployment shares to facilitate the deployment of Windows 11 in remote or branch locations.
+title: Build a distributed environment for Windows 10 deployment (Windows 10)
+description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
 ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: replication, replicate, deploy, configure, remote
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -16,13 +16,12 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Build a distributed environment for Windows 11 deployment
+# Build a distributed environment for Windows 10 deployment
 
 **Applies to**
-- Windows 10
-- Windows 11
+-   Windows 10
 
-Perform the steps in this article to build a distributed environment for Windows 11 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
+Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments.
 
 Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we will deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation. 
 
@@ -32,7 +31,7 @@ For the purposes of this article, we assume that MDT02 is prepared with the same
 
 Computers used in this topic.
 
-> HV01 is also used in this topic to host the PC0006 virtual machine.
+>HV01 is also used in this topic to host the PC0006 virtual machine.
 
 ## Replicate deployment shares
 
@@ -63,7 +62,7 @@ On **MDT01**:
 Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
 ```
 
-2. Wait for installation to comlete, and then verify that the installation was successful. See the following output:
+2. Wait for installation to complete, and then verify that the installation was successful. See the following output:
 
 ```output
 PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
@@ -83,7 +82,7 @@ On **MDT02**:
 Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
 ```
 
-2. Wait for installation to comlete, and then verify that the installation was successful. See the following  output:
+2. Wait for installation to complete, and then verify that the installation was successful. See the following  output:
 
 ```output
 PS C:\> Install-WindowsFeature -Name FS-DFS-Replication -IncludeManagementTools
@@ -120,7 +119,7 @@ When you have multiple deployment servers sharing the same content, you need to
 
 On **MDT01**:
 
-1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the default gateway of client devices in your locations (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (i.e. server) to use. 
+1. Using Notepad, navigate to the **D:\\MDTProduction\\Control** folder and modify the Boostrap.ini file as follows. Under [DefaultGateway] enter the IP addresses for the client's default gateway in New York and Stockholm, respectively (replace 10.10.10.1 and 10.10.20.1 with your default gateways). The default gateway setting is what tells the client which deployment share (i.e. server) to use. 
 
    ```ini
    [Settings]
@@ -142,8 +141,8 @@ On **MDT01**:
    UserPassword=pass@word1
    SkipBDDWelcome=YES
    ```
-   > [!NOTE]
-   > The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 10 computer with Windows 11](refresh-a-windows-10-computer-with-windows-11.md) and [Replace a Windows 10 computer with a Windows 11 computer](replace-a-windows-10-computer-with-a-windows-11-computer.md).
+   >[!NOTE]
+   >The DeployRoot value needs to go into the Bootstrap.ini file, but you can use the same logic in the CustomSettings.ini file. For example, you can redirect the logs to the local deployment server (SLSHARE), or have the User State Migration Tool (USMT) migration store (UDDIR) local. To learn more about USMT, see [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) and [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md).
      
 2. Save the Bootstrap.ini file.
 3. Using the Deployment Workbench, right-click the **MDT Production** deployment share and select **Update Deployment Share**. Use the default settings for the Update Deployment Share Wizard. This process will take a few minutes.
@@ -154,8 +153,8 @@ On **MDT01**:
 
    Replacing the updated boot image in WDS.
 
- > [!TIP]
- > If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
+ >[!TIP]
+ >If you modify bootstrap.ini again later, be sure to repeat the process of updating the deployment share in the Deployment Workbench and replacing the boot image in the WDS console.
 
    ## Replicate the content
 
@@ -228,7 +227,7 @@ On **MDT02**:
 
 The DFS Replication Health Report.
 
-> If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
+>If there are replication errors you can review the DFS event log in Event Viewer under **Applications and Services Logs**.
 
 ## Configure Windows Deployment Services (WDS) in a remote site
 
@@ -251,19 +250,21 @@ Now you should have a solution ready for deploying the Windows 10 client to the
     6. Install an operating system from a network-based installation server
 2.  Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server.
 3.  After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings:
-    1.  Select a task sequence to execute on this computer: Windows 11 Enterprise x64 Custom Image 
+    1.  Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image 
     2.  Computer Name: PC0006
     3.  Applications: Select the Install - Adobe Reader
 4.  Setup will now start and perform the following:
-    1.  Install the Windows 11 Enterprise operating system.
+    1.  Install the Windows 10 Enterprise operating system.
     2.  Install applications.
     3.  Update the operating system using your local Windows Server Update Services (WSUS) server.
 
+![pc0001.](../images/pc0006.png)
+
 ## Related topics
 
 [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
                    
-[Create a Windows 11 reference image](create-a-windows-11-reference-image.md)
                    
-[Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md)
                    
-[Refresh a Windows 10 computer with Windows 11](refresh-a-windows-10-computer-with-windows-11.md)
                    
-[Replace a Windows 10 computer with a Windows 11 computer](replace-a-windows-10-computer-with-a-windows-11-computer.md)
                    
+[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
                    
+[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
                    
+[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
                    
+[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
                    
 [Configure MDT settings](configure-mdt-settings.md)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index 187f8fb4cc..0fb4725b6b 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Configure MDT deployment share rules
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
 
 ## Assign settings
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
index 22a7921c84..342cec9742 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Configure MDT for UserExit scripts
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
 
 ## Configure the rules to call a UserExit script
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index 05f03ea220..731550645c 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Configure MDT settings
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there is virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment.
 For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
 
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-11-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
similarity index 81%
rename from windows/deployment/deploy-windows-mdt/create-a-windows-11-reference-image.md
rename to windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index a548b5c748..9dd26e0e66 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-11-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -1,12 +1,12 @@
 ---
-title: Create a Windows 11 reference image (Windows 11)
+title: Create a Windows 10 reference image (Windows 10)
 description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
 ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deploy, deployment, configure, customize, install, installation
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -16,25 +16,22 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Create a Windows 11 reference image
+# Create a Windows 10 reference image
 
 **Applies to**
 - Windows 10
-- Windows 11
 
-In this topic, you will learn how to create a Windows 11 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 11 reference image. After completing the steps outlined in this topic, you will have a Windows 11 reference image that can be used in your deployment solution.
+Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
 
-All procedures in this article can also be used to create a Windows 10 reference image by using Windows 10 media instead of Windows 11 media in the [Add setup files](#add-setup-files) section below.
-
-> [!NOTE]
-> This guide assumes that you have already installed and configured deployment tools. See [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) for more information.  
+>[!NOTE]
+>See [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) for more information about the server, client, and network infrastructure used in this guide.
 
 For the purposes of this topic, we will use three computers: DC01, MDT01, and HV01.
    - DC01 is a domain controller for the contoso.com domain.
    - MDT01 is a contoso.com domain member server.
    - HV01 is a Hyper-V server that will be used to build the reference image.
  
-  ![devices.](../images/mdt-08-fig01.png)
+   ![devices.](../images/mdt-08-fig01.png)
 
    Computers used in this topic.
 
@@ -48,20 +45,19 @@ The reference image described in this guide is designed primarily for deployment
 
 ## Set up the MDT build lab deployment share
 
-With Windows 10 and Windows 11, there is no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 11 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
+With Windows 10, there is no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.
 
 ### Create the MDT build lab deployment share
 
 On **MDT01**:
 
 - Sign in as contoso\\administrator using a password of pass@word1 (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) topic).
-- Start the MDT deployment workbench, and pin the console to the taskbar for easy access.
-  - If it is your first time starting the console, search for **Deployment Workbench**. 
+- Start the MDT deployment workbench, and pin this to the taskbar for easy access.
 - Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**.
 - Use the following settings for the New Deployment Share Wizard:
   - Deployment share path: **D:\\MDTBuildLab**
   - Share name: **MDTBuildLab$**
-  - Descriptive name: **MDT Build Lab**
+  - Deployment share description: **MDT Build Lab**
 - Accept the default selections on the Options page and click **Next**.
 - Review the Summary page, click **Next**, wait for the deployment share to be created, then click **Finish**.
 - Verify that you can access the \\\\MDT01\\MDTBuildLab$ share.
@@ -72,7 +68,7 @@ On **MDT01**:
 
 ### Enable monitoring
 
-To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share in the Deployment Workbench, click **Properties**, click the **Monitoring** tab, and select **Enable monitoring for this deployment share**.  This step is optional.
+To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, click **Properties**, click the **Monitoring** tab, and select **Enable monitoring for this deployment share**.  This step is optional.
 
 ### Configure permissions for the deployment share
 
@@ -90,41 +86,34 @@ On **MDT01**:
 
 ## Add setup files
 
-This section will show you how to populate the MDT deployment share with the Windows 11 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
+This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.
 
-### Add the Windows 11 installation files
+### Add the Windows 10 installation files
 
-MDT supports adding both full source Windows 11 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
+MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
 
-> [!NOTE]
-> Windows 11 media is pre-release as of the date this article was last updated. To obtain Windows 11 pre-release media, join the Windows Insider program and visit [Windows Insider Preview Downloads](https://www.microsoft.com/software-download/windowsinsiderpreviewiso).
                    
-> The build selected in this example is **Windows 11 Insider Preview Enterprise (Dev Channel) - Build 22454**. 
+>[!NOTE]
+>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
  
-### Add Windows 11 Enterprise x64 (full source)
+### Add Windows 10 Enterprise x64 (full source)
 
 On **MDT01**:
 
-1. Sign in as **contoso\\administrator** and copy the content of a Windows 11 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 11 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
+1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD.
 
     ![ISO.](../images/iso-data.png)
 
 2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Build Lab**.
-3. Right-click the **Operating Systems** node, and create a new folder named **Windows 11**.
-4. Expand the **Operating Systems** node, right-click the **Windows 11** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
+3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
+4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
     - Full set of source files
     - Source directory: (location of your source files)
-    - Destination directory name: W11EX64
-
- > [!NOTE]
- > Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W11EX64 rather than a more descriptive name like Windows 11 Enterprise x64.

                    
- > Depending on the DVD or ISO you used, there might be multiple editions added by the import process. For the purposes of this guide, we are using the Windows 11 Enterprise image, but other images will also work. In the example shown, editions that will not be used are deleted from the list.
-
-5. After adding the operating system, in the **Operating Systems / Windows 11** folder, double-click it and change the name to: **Windows 11 Enterprise x64 Default Image**. See the following example.
+    - Destination directory name: W10EX64RTM
+5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. See the following example.
 
     ![Default image.](../images/deployment-workbench01.png)
 
- > [!NOTE]
- > The pre-release version of Windows 11 used here has "Windows 10" in the description. You can ignore this.  
+>Depending on the DVD you used, there might be multiple editions available. For the purposes of this guide, we are using the Windows 10 Enterprise image, but other images will also work.
 
 ## Add applications
 
@@ -308,7 +297,7 @@ On **MDT01**:
 
 ## Create the reference image task sequence
 
-In order to build and capture your Windows 11 reference image for deployment using MDT, you will create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 11 reference image.
+In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image.
 After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you are deploying.
 
 ### Drivers and the reference image
@@ -317,31 +306,31 @@ Because we use modern virtual platforms for creating our reference images, we do
 
 ### Create a task sequence for Windows 10 Enterprise
 
-To create a Windows 11 reference image task sequence, the process is as follows:
+To create a Windows 10 reference image task sequence, the process is as follows:
 
 On **MDT01**:
 
-1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 11**.
-2. Right-click the new **Windows 11** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-   1. Task sequence ID: REFW11X64-001
-   2. Task sequence name: Windows 11 Enterprise x64 Default Image
+1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab** right-click **Task Sequences**, and create a **New Folder** named **Windows 10**.
+2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+   1. Task sequence ID: REFW10X64-001
+   2. Task sequence name: Windows 10 Enterprise x64 RTM Default Image
    3. Task sequence comments: Reference Build
    4. Template: Standard Client Task Sequence
-   5. Select OS: Windows 11 Enterprise x64 Default Image
+   5. Select OS: Windows 10 Enterprise x64 RTM Default Image
    6. Specify Product Key: Do not specify a product key at this time
    7. Full Name: Contoso
    8. Organization: Contoso
-   9. Internet Explorer home page: https://www.contoso.com
+   9. Internet Explorer home page: http://www.contoso.com
    10. Admin Password: Do not specify an Administrator Password at this time
 
-### Edit the Windows 11 task sequence
+### Edit the Windows 10 task sequence
 
 The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64.
 
 On **MDT01**:
 
-1. In the **Task Sequences / Windows 11** folder, right-click the **Windows 11 Enterprise x64 Default Image** task sequence, and select **Properties**.
-2. On the **Task Sequence** tab, configure the Windows 11 Enterprise x64 Default Image task sequence with the following settings:
+1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**.
+2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
     1. **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box.
          
     2. **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action.
@@ -351,7 +340,7 @@ On **MDT01**:
         - **Note**: The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
     5. **State Restore > Custom Tasks (Pre-Windows Update)**: Add a new **Install Roles and Features** action with the following settings:
         1. Name: Install - Microsoft NET Framework 3.5.1
-        2. Select the operating system for which roles are to be installed: Windows 10 (this also works for Windows 11)
+        2. Select the operating system for which roles are to be installed: Windows 10
         3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
         
         >[!IMPORTANT]
@@ -364,7 +353,7 @@ On **MDT01**:
     6. **State Restore > Custom Tasks (Pre-Windows Update)**: After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action (selected from the **General** group) with the following settings:
         1. Name: Microsoft Visual C++ Redistributable 2019 - x86
         2. Install a Single Application: browse to **Install - MSVC 2019 - x86**
-    7.  Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Office 365 ProPlus - x64 as well.
+    7.  Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well.
 3. Click **OK**.
 
  ![apps.](../images/mdt-apps.png) 
@@ -396,18 +385,26 @@ Follow these steps to configure Internet Explorer settings in Unattend.xml for t
 
 On **MDT01**:
 
-1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 11 Enterprise x64 Default Image** task sequence and select **Properties**.
+1. Using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**.
 2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
+
+ > [!IMPORTANT]
+ > The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903:
+ > - Close the Deployment Workbench and install the [WSIM 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334). This will update imagecat.exe and imgmgr.exe to version 10.0.18362.144.
+ > - Manually run imgmgr.exe (C:\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\\imgmgr.exe).
+ > - Generate a catalog (Tools/Create Catalog) for the selected install.wim (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install.wim). 
+ > - After manually creating the catalog file (ex: D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM\\sources\\install_Windows 10 Enterprise.clg), open the Deployment Workbench and proceed to edit unattend.xml.
+
 3. In Windows SIM, expand the **4 specialize** node in the **Answer File** pane and select the amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral entry.
 4. In the **amd64\_Microsoft-Windows-IE-InternetExplorer\_neutral properties** window (right-hand window), set the following values:
   - DisableDevTools: true
-5. Save the Answer File, and close Windows SIM.
-     - Note: If validation errors are reported that certain display values are incorrect, you can ignore this or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
-6. On the Windows 11 Enterprise x64 Default Image Properties, click **OK**.
+5. Save the Unattend.xml file, and close Windows SIM.
+     - Note: If errors are reported that certain display values are incorrect, you can ignore this or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1.
+6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click **OK**.
 
     ![figure 10.](../images/fig10-unattend.png)
 
-    Windows System Image Manager with the Windows 11 Unattend.xml.
+    Windows System Image Manager with the Windows 10 Unattend.xml.
 
 ## Configure the MDT deployment share rules
 
@@ -478,7 +475,7 @@ On **MDT01**:
     ```
 
     >[!NOTE]
-    >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation. Obviously if you are not using the same password (pass@word1) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
+    >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation. Obviously if you are not using the same password (pass@word3) that is provided in this lab, you must enter your own custom password on the Rules tab and in Bootstrap.ini.
      
 4. On the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
 5. In the **Lite Touch Boot Image Settings** area, configure the following settings:
@@ -609,11 +606,11 @@ SkipFinalSummary=YES
 - **SkipCapture.** Skips the Capture pane.
 - **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to click OK before the machine shuts down.
 
-## Build the Windows 11 reference image
+## Build the Windows 10 reference image
 
 As previously described, this section requires a Hyper-V host. See [Hyper-V requirements](prepare-for-windows-deployment-with-mdt.md#hyper-v-requirements) for more information.
 
-Once you have created your task sequence, you are ready to create the Windows 11 reference image. This will be performed by launching the task sequence from a virtual machine which will then automatically perform the reference image creation and capture process. 
+Once you have created your task sequence, you are ready to create the Windows 10 reference image. This will be performed by launching the task sequence from a virtual machine which will then automatically perform the reference image creation and capture process. 
 
 The steps below outline the process used to boot a virtual machine using an ISO boot image created by MDT, and then run the reference image task sequence image to create and capture the Windows 10 reference image.
 
@@ -624,67 +621,56 @@ The steps below outline the process used to boot a virtual machine using an ISO
 On **HV01**:
      
 2. Create a new virtual machine with the following settings:
-   1. Name: REFW11X64-001
+   1. Name: REFW10X64-001
    2. Store the virtual machine in a different location: C:\VM
    3. Generation 1
    4. Memory: 1024 MB
    5. Network: Must be able to connect to \\MDT01\MDTBuildLab$
    7. Hard disk: 60 GB (dynamic disk)
    8. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso
-1. Before you start the VM, add a checkpoint for REFW11X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
+1. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**.
 
     **Note**: Checkpoints are useful if you need to restart the process and want to make sure you can start clean.
      
-4. Start the REFW11X64-001 virtual machine and connect to it.
+4. Start the REFW10X64-001 virtual machine and connect to it.
 
- > [!IMPORTANT]
- > Up to this point we have not discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers.  You might have a different DHCP server on your network that you wish to use. The REFW11X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share, and optionally the WSUS server on your network. A connection to the Internet is also used to download and updates during the image creation process. In the current scenario, this is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, with a 10.10.10.1 gateway, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11, and also connect to external networks.

                    
- > If you receive a message that "A connection to the deployment share could not be made, check that the DHCP service is available to the REFW11X64-001 VM, and it has been issued a valid IP address lease (check your DHCP server).
+    **Note**: Up to this point we have not discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers.  You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario this is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11.
 
-5. After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
- - Select a task sequence to execute on this computer: Windows 11 Enterprise x64 Default Image
- - Specify whether to capture an image: Capture an image of this reference computer
-    -   Location: \\\\MDT01\\MDTBuildLab$\\Captures
- -  File name: REFW11X64-001.wim
+    After booting into Windows PE, complete the Windows Deployment Wizard with the following settings:
+    1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
+    2. Specify whether to capture an image: Capture an image of this reference computer
+       -   Location: \\\\MDT01\\MDTBuildLab$\\Captures
+    3. File name: REFW10X64-001.wim
 
-  ![capture image.](../images/captureimage.png)
+        ![capture image.](../images/captureimage.png)
 
-  The Windows Deployment Wizard for the Windows 11 reference image.
+        The Windows Deployment Wizard for the Windows 10 reference image.
 
-The image creation process starts and does the following:
- 1. Installs the Windows 11 Enterprise operating system.
- 2. Installs the added applications, roles, and features.
- 3. Updates the operating system via your local Windows Server Update Services (WSUS) server (if provisioned).
- 4. Stages Windows PE on the local disk.
- 5. Runs System Preparation (Sysprep) and reboots into Windows PE.
- 6. Captures the installation to a Windows Imaging (WIM) file.
- 7. Turns off the virtual machine.
+5. The setup now starts and does the following:
+    1. Installs the Windows 10 Enterprise operating system.
+    2. Installs the added applications, roles, and features.
+    3. Updates the operating system via your local Windows Server Update Services (WSUS) server.
+    4. Stages Windows PE on the local disk.
+    5. Runs System Preparation (Sysprep) and reboots into Windows PE.
+    6. Captures the installation to a Windows Imaging (WIM) file.
+    7. Turns off the virtual machine.
 
-After some time (30-90 minutes depending on resources available), you will have a Windows 11 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is **REFW11X64-001.wim**.
+After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
 
    ![image.](../images/image-captured.png)
 
 ## Troubleshooting
 
+> [!IMPORTANT]
+> If you encounter errors applying the image when using a BIOS firmware type, see [Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7). This 
+
 If you [enabled monitoring](#enable-monitoring), you can check the progress of the task sequence.
 
    ![monitoring.](../images/mdt-monitoring.png)
 
-If monitoring is not working, check that http://localhost:9801/MDTMonitorData/ loads on MDT01, and try turning monitoring off and on again.
+If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log.  From the command line in Windows PE you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$.
 
-If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log.  From the command line in Windows PE you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$. An example is shown below.
-
-```cmd
-X:\>net use G: \\mdt01\c$\tmp /user:contoso\administrator pass@word1
-The command completed successfully.
-
-X:\>copy X:\MININT\SMSOSD\OSDLOGS\*.log G:
-        6 files copied.
-X:\>copp X:\Windows\Temp\SMSTSLog\smsts.log G:
-        1 file copied.
-```
-
-If you have trouble connecting to the deployment share, verify that your DHCP server (DC01 in this lab) has issued a lease to the VM. The DHCP client name will be something like minint-p1st75s.contoso.com.
+After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim.
 
 ## Related topics
 
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
similarity index 88%
rename from windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md
rename to windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 435f937e56..9d20892e07 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -1,12 +1,12 @@
 ---
-title: Deploy a Windows 11 image using MDT (Windows 11)
-description: This topic will show you how to take your reference image for Windows 11, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
+title: Deploy a Windows 10 image using MDT (Windows 10)
+description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT).
 ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deployment, automate, tools, configure
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -16,13 +16,12 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Deploy a Windows 11 image using MDT
+# Deploy a Windows 10 image using MDT
 
 **Applies to**
-- Windows 10
-- Windows 11
+-   Windows 10
 
-This topic will show you how to take your reference image for Windows 11 [that was just created](create-a-windows-11-reference-image.md), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). 
+This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). 
 
 We will prepare for this by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules.
 
@@ -31,7 +30,7 @@ For the purposes of this topic, we will use four computers: DC01, MDT01, HV01 an
 - DC01 is a domain controller 
 - MDT01 is a domain member server 
 - HV01 is a Hyper-V server 
-- PC0005 is a blank device to which we will deploy Windows 11
+- PC0005 is a blank device to which we will deploy Windows 10
 
 MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation.  HV01 used to test deployment of PC0005 in a virtual environment.
 
@@ -90,8 +89,11 @@ The steps for creating the deployment share for production are the same as when
 1. Ensure you are signed on as: contoso\administrator.
 2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
 3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
+
 4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
+
 5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
+
 6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
 7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
 
@@ -111,22 +113,26 @@ On **MDT01**:
 
 ## Step 3: Add a custom image
 
-The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 11. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10/11 stores additional components in the Sources\\SxS folder which is outside the image and may be required when installing components.
+The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores additional components in the Sources\\SxS folder which is outside the image and may be required when installing components.
 
-### Add the Windows 11 Enterprise x64 custom image
+### Add the Windows 10 Enterprise x64 RTM custom image
 
-In these steps, we assume that you have completed the steps in the [Create a Windows 11 reference image](create-a-windows-11-reference-image.md) topic, so you have a Windows 11 reference image at **D:\\MDTBuildLab\\Captures\REFW11X64-001.wim** on MDT01.
+In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01.
 
-1.  Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 11**.
+1.  Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**.
 2.  Right-click the **Windows 10** folder and select **Import Operating System**.
-3.  On the **OS Type** page, select **Custom image file** and click **Next**.
-4.  On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW11X64-001.wim** and click **Next**.
-5.  On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W11EX64** and click **Next**.
-6.  On the **Destination** page, in the **Destination directory name** text box, type **W11EX64**, click **Next** twice, and then click **Finish**.
-7.  After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 11** node and change the name to **Windows 11 Enterprise x64 Custom Image**.
 
-> [!NOTE]
-> The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT now uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
+3.  On the **OS Type** page, select **Custom image file** and click **Next**.
+
+4.  On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**.
+
+5.  On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**.
+
+6.  On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**.
+7.  After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**.
+
+>[!NOTE]
+>The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
  
 
 ![imported OS.](../images/fig2-importedos.png)
@@ -139,15 +145,21 @@ When you configure your MDT Build Lab deployment share, you can also add applica
 
 On **MDT01**:
 
-1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100720091_en_US.exe) to **D:\\setup\\adobe** on MDT01.
-2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC2100720091_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
+1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01.
+2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
 3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
 4. Right-click the **Applications** node, and create a new folder named **Adobe**.
+
 5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**.
+
 6. On the **Application Type** page, select the **Application with source files** option and click **Next**.
+
 7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and click *Next**.
+
 8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and click **Next**.
+
 9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and click **Next**.
+
 10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, click **Next** twice, and then click **Finish**.
 
     ![acroread image.](../images/acroread.png)
@@ -156,10 +168,7 @@ On **MDT01**:
 
 ## Step 5: Prepare the drivers repository
 
-> [!IMPORTANT]
-> The section below on preparing the drivers repository uses Windows 10-compatible devices and drivers as examples. These examples do not infer Windows 11 compatibility. Check with your device manufacturer before deploying drivers, and verify that the device meets Windows 11 hardware requirements. For more information, see [Windows 11 requirements](/windows/whats-new/windows-11-requirements).
-
-In order to deploy Windows 10 or Windows 11 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
+In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples:
 -   Lenovo ThinkPad T420
 -   Dell Latitude 7390
 -   HP EliteBook 8560w
@@ -167,8 +176,8 @@ In order to deploy Windows 10 or Windows 11 with MDT successfully, you need dri
 
 For boot images, you need to have storage and network drivers; for the operating system, you need to have the full suite of drivers.
 
-> [!NOTE]
-> You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
+>[!NOTE]
+>You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
  
 ### Create the driver source structure in the file system
 
@@ -183,8 +192,8 @@ On **MDT01**:
 2.  In the **D:\\drivers** folder, create the following folder structure:
     1.  WinPE x86
     2.  WinPE x64
-    3.  Windows 11 x64
-3.  In the new Windows 11 x64 folder, create the following folder structure:
+    3.  Windows 10 x64
+3.  In the new Windows 10 x64 folder, create the following folder structure:
     -   Dell Inc.
         -   Latitude E7450
     -   Hewlett-Packard
@@ -204,8 +213,8 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
 2.  In the **Out-Of-Box Drivers** node, create the following folder structure:
     1.  WinPE x86
     2.  WinPE x64
-    3.  Windows 11 x64
-3.  In the **Windows 11 x64** folder, create the following folder structure:
+    3.  Windows 10 x64
+3.  In the **Windows 10 x64** folder, create the following folder structure:
     -   Dell Inc.
         -   Latitude E7450
     -   Hewlett-Packard
@@ -236,28 +245,32 @@ The Out-of-Box Drivers structure in the Deployment Workbench.
 ### Create the selection profiles for boot image drivers
 
 By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles.
-The drivers that are used for the boot images (Windows PE) are Windows 11 drivers. If you can’t locate Windows 11 drivers for your device, a Windows 10, Windows 8.1 or Windows 7 driver will most likely work, but Windows 11 drivers should be your first choice.
+The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice.
 
 On **MDT01**:
 
 1.  In the Deployment Workbench, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**.
 2.  In the New Selection Profile Wizard, create a selection profile with the following settings:
-    1.  Selection Profile name: **WinPE x86**
+    1.  Selection Profile name: WinPE x86
     2.  Folders: Select the WinPE x86 folder in Out-of-Box Drivers.
     3. Click **Next**, **Next** and **Finish**.
 3.  Right-click the **Selection Profiles** node again, and select **New Selection Profile**.
 4.  In the New Selection Profile Wizard, create a selection profile with the following settings:
-    1.  Selection Profile name: **WinPE x64**
+    1.  Selection Profile name: WinPE x64
     2.  Folders: Select the WinPE x64 folder in Out-of-Box Drivers.
     3.  Click **Next**, **Next** and **Finish**.
 
+    ![figure 5.](../images/fig5-selectprofile.png)
+
+    Creating the WinPE x64 selection profile.
+
 ### Extract and import drivers for the x64 boot image
 
 Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image.
 
 On **MDT01**:
 
-1. Download **PROWinx64.exe** from Intel.com (ex: [Intel® Network Adapter Driver](https://www.intel.com/content/www/us/en/download/16765/intel-network-adapter-driver-for-windows-8-final-release.html)).
+1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)).
 2.  Extract PROWinx64.exe to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder.
     a. **Note**: Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the .exe terminates. 
 3.  Using File Explorer, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder.
@@ -279,11 +292,11 @@ In this example, we assume you have downloaded and extracted the drivers using T
 
 On **MDT01**:
 
-1. In the Deployment Workbench, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 11 x64** node, expand the **Lenovo** node.
+1. In the Deployment Workbench, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Lenovo** node.
 
 2.  Right-click the **30A6003TUS** folder and select **Import Drivers** and use the following Driver source directory to import drivers: 
 
-    **D:\\Drivers\\Windows 11 x64\\Lenovo\\ThinkStation P500 (30A6003TUS)**
+    **D:\\Drivers\\Windows 10 x64\\Lenovo\\ThinkStation P500 (30A6003TUS)**
 
     The folder you select and all sub-folders will be checked for drivers, expanding any .cab files that are present and searching for drivers.
 
@@ -295,29 +308,29 @@ In these steps, we assume you have downloaded and extracted the CAB file for the
 
 On **MDT01**:
 
-1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 11 x64** node, expand the **Dell Inc.** node.
+1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc.** node.
 
 2.  Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: 
 
-    **D:\\Drivers\\Windows 11 x64\\Dell Inc.\\Latitude E7450**
+    **D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450**
 
 ### For the HP EliteBook 8560w
 
 For the HP EliteBook 8560w, you use HP Image Assistant to get the drivers. The HP Image Assistant can be accessed on the [HP Support site](https://ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html).
 
-In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 11 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.
+In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.
 
 On **MDT01**:
 
-1.  In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 11 x64** node, expand the **Hewlett-Packard** node.
+1.  In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Hewlett-Packard** node.
 
 2.  Right-click the **HP EliteBook 8560w** folder and select **Import Drivers** and use the following Driver source directory to import drivers: 
 
-    **D:\\Drivers\\Windows 11 x64\\Hewlett-Packard\\HP EliteBook 8560w**
+    **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w**
 
 ### For the Microsoft Surface Laptop
 
-For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Laptop drivers to the **D:\\Drivers\\Windows 11 x64\\Microsoft\\Surface Laptop** folder.
+For the Microsoft Surface Laptop model, you find the drivers on the Microsoft website. In these steps we assume you have downloaded and extracted the Surface Laptop drivers to the **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop** folder.
 
 On **MDT01**:
 
@@ -325,40 +338,40 @@ On **MDT01**:
 
 2.  Right-click the **Surface Laptop** folder and select **Import Drivers**; and use the following Driver source directory to import drivers: 
 
-    **D:\\Drivers\\Windows 11 x64\\Microsoft\\Surface Laptop**
+    **D:\\Drivers\\Windows 10 x64\\Microsoft\\Surface Laptop**
 
 ## Step 6: Create the deployment task sequence
 
-This section will show you how to create the task sequence used to deploy your production Windows 11 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
+This section will show you how to create the task sequence used to deploy your production Windows 10 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
 
-### Create a task sequence for Windows 11 Enterprise
+### Create a task sequence for Windows 10 Enterprise
 
 On **MDT01**:
 
-1. In the Deployment Workbench, under the **MDT Production** node, right-click **Task Sequences**, and create a folder named **Windows 11**.
+1. In the Deployment Workbench, under the **MDT Production** node, right-click **Task Sequences**, and create a folder named **Windows 10**.
 
-2. Right-click the new **Windows 11** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-   - Task sequence ID: W11-X64-001
-   - Task sequence name: Windows 11 Enterprise x64 Custom Image
+2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+   - Task sequence ID: W10-X64-001
+   - Task sequence name: Windows 10 Enterprise x64 RTM Custom Image
    - Task sequence comments: Production Image
    - Template: Standard Client Task Sequence
-   - Select OS: Windows 11 Enterprise x64 Custom Image
+   - Select OS: Windows 10 Enterprise x64 RTM Custom Image
    - Specify Product Key: Do not specify a product key at this time
    - Full Name: Contoso
    - Organization: Contoso
    - Internet Explorer home page: https://www.contoso.com
    - Admin Password: Do not specify an Administrator Password at this time
 
-### Edit the Windows 11 task sequence
+### Edit the Windows 10 task sequence
 
-1. Continuing from the previous procedure, right-click the **Windows 11 Enterprise x64 Custom Image** task sequence, and select **Properties**.
+1. Continuing from the previous procedure, right-click the **Windows 10 Enterprise x64 RTM Custom Image** task sequence, and select **Properties**.
 
-2. On the **Task Sequence** tab, configure the **Windows 11 Enterprise x64 Custom Image** task sequence with the following settings:
+2. On the **Task Sequence** tab, configure the **Windows 10 Enterprise x64 RTM Custom Image** task sequence with the following settings:
 
    1.  Preinstall: After the **Enable BitLocker (Offline)** action, add a **Set Task Sequence Variable** action with the following settings:
        1.  Name: Set DriverGroup001
        2.  Task Sequence Variable: DriverGroup001
-       3.  Value: Windows 11 x64\\%Manufacturer%\\%Model%
+       3.  Value: Windows 10 x64\\%Manufacturer%\\%Model%
 
    2.  Configure the **Inject Drivers** action with the following settings:
        - Choose a selection profile: Nothing
@@ -473,7 +486,7 @@ On **MDT01**:
 11. Click **OK**.
 
     >[!NOTE]
-    >It might take a while for the Deployment Workbench to create the monitoring database and web service.
+    >It will take a while for the Deployment Workbench to create the monitoring database and web service.
  
     ![figure 8.](../images/mdt-07-fig08.png)
 
@@ -604,13 +617,13 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
 >[!NOTE]
 >The update process will take 5 to 10 minutes.
 
-## Step 8: Deploy the Windows 11 client image
+## Step 8: Deploy the Windows 10 client image
 
 These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.
 
 ### Configure Windows Deployment Services
 
-You need to add the MDT Production Lite Touch x64 Boot image to WDS in preparation for the deployment. In this procedure, we assume that WDS is already installed and initialized on MDT01 as described in the [Prepare for Windows deployment](prepare-for-windows-deployment-with-mdt.md#install-and-initialize-wds) article. 
+You need to add the MDT Production Lite Touch x64 Boot image to WDS in preparation for the deployment. In this procedure, we assume that WDS is already installed and initialized on MDT01 as described in the [Prepare for Windows deployment](prepare-for-windows-deployment-with-mdt.md#install-and-initialize-windows-deployment-services-wds) article.
 
 On **MDT01**:
 
@@ -624,7 +637,7 @@ On **MDT01**:
 
    The boot image added to the WDS console.
 
-### Deploy the Windows 11 client
+### Deploy the Windows 10 client
 
 At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you are confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. This helps rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine:
 
@@ -654,9 +667,9 @@ On **HV01**:
 
 4.  Setup now begins and does the following:
 
-    - Installs the Windows 11 Enterprise operating system.
+    - Installs the Windows 10 Enterprise operating system.
     - Installs the added application.
-    - Updates the operating system via your local Windows Server Update Services (WSUS) server (if configured).
+    - Updates the operating system via your local Windows Server Update Services (WSUS) server.
 
     ![pc0005 image1.](../images/pc0005-vm.png)
 
@@ -714,9 +727,9 @@ On **MDT01**:
 
     The newly created multicast namespace.
 
-## Use offline media to deploy Windows 11
+## Use offline media to deploy Windows 10
 
-In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 11. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - through the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
+In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can very easily generate an offline version of your deployment share - either the full deployment share or a subset of it - through the use of selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment.
 
 Offline media are useful not only when you do not have network connectivity to the deployment share, but also when you have limited connection to the deployment share and do not want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire.
 
@@ -735,10 +748,10 @@ On **MDT01**:
 
     - Folders
       - Applications / Adobe
-      - Operating Systems / Windows 11
+      - Operating Systems / Windows 10
       - Out-Of-Box Drivers / WinPE x64
-      - Out-Of-Box Drivers / Windows 11 x64
-      - Task Sequences / Windows 11
+      - Out-Of-Box Drivers / Windows 10 x64
+      - Task Sequences / Windows 10
 
       ![offline media.](../images/mdt-offline-media.png)
 
@@ -756,7 +769,7 @@ In these steps, you generate offline media from the MDT Production deployment sh
 3.  Use the following settings for the New Media Wizard:
     -   General Settings
         - Media path: **D:\\MDTOfflineMedia**
-        - Selection profile: **Windows 11 Offline Media**
+        - Selection profile: **Windows 10 Offline Media**
 
 ### Configure the offline media
 
@@ -770,7 +783,7 @@ On **MDT01**:
 
 3.  In the **General** tab, configure the following:
     - Clear the Generate x86 boot image check box.
-    - ISO file name: Windows 11 Offline Media.iso
+    - ISO file name: Windows 10 Offline Media.iso
 
 4.  On the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
 
@@ -803,10 +816,15 @@ The ISO that you got when updating the offline media item can be burned to a DVD
 Follow these steps to create a bootable USB stick from the offline media content:
 
 1.  On a physical machine running Windows 7 or later, insert the USB stick you want to use.
+
 2.  Copy the content of the **MDTOfflineMedia\\Content** folder to the root of the USB stick.
+
 3.  Start an elevated command prompt (run as Administrator), and start the Diskpart utility by typing **Diskpart** and pressing **Enter**.
+
 4.  In the Diskpart utility, you can type **list volume** (or the shorter **list vol**) to list the volumes, but you really only need to remember the drive letter of the USB stick to which you copied the content. In our example, the USB stick had the drive letter F.
+
 5.  In the Diskpart utility, type **select volume F** (replace F with your USB stick drive letter).
+
 6.  In the Diskpart utility, type **active**, and then type **exit**.
 
 ## Unified Extensible Firmware Interface (UEFI)-based deployments
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
index 0d0b8199c5..df26acb90f 100644
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@@ -1,5 +1,5 @@
 ---
-title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10/11)
+title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
 description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment.
 ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
 ms.reviewer: 
@@ -20,7 +20,6 @@ ms.topic: article
 
 **Applies to**
 - Windows 10
-- Windows 11
 
 This article provides an overview of the features, components, and capabilities of the [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/). When you have finished reviewing this information, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 
@@ -30,14 +29,17 @@ MDT is a unified collection of tools, processes, and guidance for automating des
 
 In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
 
-MDT supports the deployment of Windows 11, as well as Windows 7, Windows 8.1, Windows 10, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/).
+MDT supports the deployment of Windows 10, as well as Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/).
+
+> [!IMPORTANT]
+> For more information about MDT supported platforms, see [MDT Release Notes](/mem/configmgr/mdt/release-notes#supported-platforms) and [MDT FAQ](/mem/configmgr/mdt/faq#is-this-release-only-supported-with-version--x--of-windows-client--windows-adk--or-configuration-manager-).
 
 ## Key features in MDT
 
 MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it is considered fundamental to Windows operating system and enterprise application deployment.
 
 MDT has many useful features, such as:
-- **Windows Client support.** Supports Windows 7, Windows 8.1, Windows 10, and Windows 11.
+- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10.
 - **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
 - **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), as well as Windows 8.1 Embedded Industry.
 - **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1.
@@ -69,11 +71,11 @@ MDT has many useful features, such as:
 - **Support for Microsoft Office.** Provides added support for deploying Microsoft Office.
 - **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later.
 - **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts.
-- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, Windows 8.1, and Windows 10 systems directly to Windows 11, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
+- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, refer to the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/).
 
 ## MDT Lite Touch components
 
-Many features in MDT support Lite Touch Installation (LTI) for Windows 11. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc.
+Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires very little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disc.
 
 When deploying the Windows operating system using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click View Script. That will give you the PowerShell command.
 
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index bd9599c6e4..186a8fe7bd 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -1,12 +1,12 @@
 ---
-title: Prepare for deployment with MDT (Windows 11)
-description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 11 operating system using the Microsoft Deployment Toolkit (MDT).
+title: Prepare for deployment with MDT (Windows 10)
+description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT).
 ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deploy, system requirements
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -19,68 +19,51 @@ ms.topic: article
 # Prepare for deployment with MDT
 
 **Applies to**
-- Windows 10
-- Windows 11
+-   Windows 10
 
+This article will walk you through the steps necessary to prepare your network and server infrastructure to deploy Windows 10 with the Microsoft Deployment Toolkit (MDT). It covers the installation of the necessary system prerequisites, the creation of shared folders and service accounts, and the configuration of security permissions in the file system and in Active Directory.
 
-This article will walk you through the steps necessary to prepare your network and server infrastructure to deploy Windows 11 with the Microsoft Deployment Toolkit (MDT). All procedures in this guide can also be used to deploy Windows 10.  For an overview of the features, components, and capabilities of MDT, see [Get started with MDT](get-started-with-the-microsoft-deployment-toolkit.md).
-
-This article covers installation of necessary system prerequisites, creation of shared folders and service accounts, and configuration of security permissions in the file system and in Active Directory. Steps to complete the following procedures are provided:
-
-1. Install the Windows Assessment and Deployment Kit (ADK)
-2. Install and initialize Windows Deployment Services (WDS)
-3. Install MDT
-4. Create an Active Directory Organizational Unit structure to support deployment
-5. Create the MDT service account
-6. Create and share the logs folder
-
-After completing these steps, you can create a [Windows 11 reference image](create-a-windows-11-reference-image.md) that will be used to deploy Windows 11. If you are installing Windows 10 instead of Windows 11, use [source media](create-a-windows-11-reference-image.md#add-setup-files) for Windows 10 instead of Windows 11 to create your reference image.
-
-> [!IMPORTANT]
-> Before deploying Windows 11, verify that the device meets [requirements](/windows/whats-new/windows-11-requirements).
-
-## Infrastructure and requirements
+## Infrastructure
 
 The procedures in this guide use the following names and infrastructure.
 
-#### Network and servers
+### Network and servers
 
 For the purposes of this topic, we will use three server computers: **DC01**, **MDT01**, and **HV01**.
 - All servers are running Windows Server 2019. 
     - You can use an earlier version of Windows Server with minor modifications to some procedures.
     - Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is required to perform the procedures in this guide.
 - **DC01** is a domain controller, DHCP server, and DNS server for contoso.com, representing the fictitious Contoso Corporation.
-    - The DHCP scope used in this lab is 10.10.10.0/24 with a gateway of 10.10.10.1. but you can adjust the scope settings to your environment.
 - **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server.
-    - A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-deployment.md) for Windows 11 deployment. This server is located on a different subnet than MDT01 and has a different default gateway.
-- **HV01** is a Hyper-V host computer that is used to build a Windows 11 reference image.
+    - A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway.
+- **HV01** is a Hyper-V host computer that is used to build a Windows 10 reference image.
     - See [Hyper-V requirements](#hyper-v-requirements) below for more information about HV01.
 
-#### Client computers
+### Client computers
 
 Several client computers are referenced in this guide with hostnames of PC0001 to PC0007.
 
-- **PC0001**: A computer running Windows 11 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
+- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain.
   - Client name: PC0001
   - IP Address: DHCP
-- **PC0002**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
+- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios.
   - Client name: PC0002
   - IP Address: DHCP
-- **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 10 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively.
+- **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 7 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively.
 
-#### Storage requirements
+### Storage requirements
 
 MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:), you will need to adjust some procedures in this guide to specify the C: drive instead of the D: drive.
 
-#### Hyper-V requirements
+### Hyper-V requirements
 
-If you do not have access to a Hyper-V server, you can install Hyper-V on a Windows 8.1, Windows 10, or Windows 11 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V.
+If you do not have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V.
 
-#### Network requirements
+### Network requirements
 
 All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain.  Internet connectivity is also required to download OS and application updates.
 
-#### Domain credentials
+### Domain credentials
 
 The following generic credentials are used in this guide. You should replace these credentials as they appear in each procedure with your credentials.
 
@@ -88,7 +71,7 @@ The following generic credentials are used in this guide. You should replace the
 **Domain administrator username**: administrator
                    
 **Domain administrator password**: pass@word1
 
-#### Organizational unit structure
+### Organizational unit structure
 
 The following OU structure is used in this guide. Instructions are provided [below](#create-the-ou-structure) to help you create the required OUs.
 
@@ -101,8 +84,11 @@ These steps assume that you have the MDT01 member server running and configured
 On **MDT01**:
 
 Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you will need to create this folder):
-- [The Windows ADK](https://go.microsoft.com/fwlink/?linkid=2165884)
-- [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2166133)
+- [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042)
+- [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112)
+- [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334)
+- (Optional) [The MDT_KB4564442 patch for BIOS firmware](https://download.microsoft.com/download/3/0/6/306AC1B2-59BE-43B8-8C65-E141EF287A5E/KB4564442/MDT_KB4564442.exe)
+  - This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines.  If you have a UEFI deployment, you do not need this patch.
 
 >[!TIP]
 >You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties).
@@ -110,9 +96,12 @@ Visit the [Download and install the Windows ADK](/windows-hardware/get-started/a
 1. On **MDT01**, ensure that you are signed in as an administrator in the CONTOSO domain.
     - For the purposes of this guide, we are using a Domain Admin account of **administrator** with a password of pass@word1. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials.
 2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step.
-3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully.
+3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step.
+4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file.
+   - You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later.
+5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/en-us/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch.
 
-## Install and initialize WDS
+## Install and initialize Windows Deployment Services (WDS)
 
 On **MDT01**:
 
@@ -141,7 +130,7 @@ To install WSUS on MDT01, enter the following at an elevated Windows PowerShell
 
 >[!NOTE]
 >MDT installation requires the following:
->-   The Windows ADK (installed in the previous procedure)
+>-   The Windows ADK for Windows 10 (installed in the previous procedure)
 >-   Windows PowerShell ([version 5.1](https://www.microsoft.com/download/details.aspx?id=54616) is recommended; type **$host** to check)
 >-   Microsoft .NET Framework
 
@@ -149,10 +138,8 @@ On **MDT01**:
 
 1. Visit the [MDT resource page](/mem/configmgr/mdt/) and click **Download MDT**. 
 2. Save the **MicrosoftDeploymentToolkit_x64.msi** file to the D:\\Downloads\\MDT folder on MDT01. 
-3. Save the [MDT update](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) to D:\\Downloads\\MDT folder on MDT01.
     - **Note**: As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work.
-4. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings.
-5. If you are using MDT version 8456, download, extract, and update MDT per the instructions on [Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7).  This will update **Microsoft.BDD.Utility.dll** from version 6.3.8456.1000 to 6.3.8456.1001.
+3. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings.
 
 ## Create the OU structure
 
@@ -231,8 +218,6 @@ If you have the Active Directory Users and Computers console open you can refres
 
 ## Create and share the logs folder
 
-Switch back to the MDT01 computer.
-
 By default MDT stores the log files locally on the client. In order to capture a reference image, you will need to enable server-side logging and, to do that, you will need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
 
 On **MDT01**:
@@ -265,5 +250,13 @@ After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and
 
 ## Next steps
 
-When you have completed all the steps in this section to prepare for deployment, see [Create a Windows 11 reference image](create-a-windows-11-reference-image.md).
+When you have completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md).
 
+## Appendix
+
+**Sample files**
+
+The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so you can see how some tasks can be automated with Windows PowerShell.
+- [Gather.ps1](/samples/browse/?redirectedfrom=TechNet-Gallery). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
+- [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
+- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-10-computer-with-windows-11.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
similarity index 53%
rename from windows/deployment/deploy-windows-mdt/refresh-a-windows-10-computer-with-windows-11.md
rename to windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
index 1ec5026bb1..57a26f04a9 100644
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-10-computer-with-windows-11.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@@ -1,6 +1,6 @@
 ---
-title: Refresh a Windows 10 computer with Windows 11 (Windows 11)
-description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 10 computer to a Windows 11 computer using the computer refresh process.
+title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
+description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
 ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
 ms.reviewer: 
 manager: dougeby
@@ -16,18 +16,17 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Refresh a Windows 10 computer with Windows 11
+# Refresh a Windows 7 computer with Windows 10
 
 **Applies to**
-- Windows 10
-- Windows 11
+-   Windows 10
 
-This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 10 computer to a Windows 11 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
+This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/).
 
 For the purposes of this topic, we will use three computers: DC01, MDT01, and PC0001. 
 - DC01 is a domain controller for the contoso.com domain.
 - MDT01 is domain member server that hosts your deployment share.
-- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to Windows 11, with data and settings restored. The example used here is a computer running Windows 10, version 1909.
+- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1.
 
 Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 
@@ -39,7 +38,7 @@ The computers used in this topic.
 
 A computer refresh is not the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings.
 
-For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK), to migrate user data and settings. To complete a computer refresh you will:
+For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh you will:
 
 1.  Back up data and settings locally, in a backup folder.
 2.  Wipe the partition, except for the backup folder.
@@ -49,8 +48,8 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w
 
 During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are simply linked in the file system, which allows for fast migration, even when there is a lot of data.
 
-> [!NOTE]
-> In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
+>[!NOTE]
+>In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario.
  
 ### Multi-user migration
 
@@ -58,8 +57,8 @@ By default, ScanState in USMT backs up all profiles on the machine, including lo
 
 For example, the following line configures USMT to migrate only domain user profiles and not profiles from the local SAM account database: ScanStateArgs=/ue:\*\\\* /ui:CONTOSO\\\*
 
-> [!NOTE]
-> You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days.
+>[!NOTE]
+>You also can combine the preceding switches with the /uel switch, which excludes profiles that have not been accessed within a specific number of days. For example, adding /uel:60 will configure ScanState (or LoadState) not to include profiles that haven't been accessed for more than 60 days.
  
 ### Support for additional settings
 
@@ -69,32 +68,29 @@ In addition to the command-line switches that control which profiles to migrate,
 
 Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You will need to update the deployment share after changing this setting.
 
-## Refresh a Windows 10 client
+## Refresh a Windows 7 SP1 client
 
 In these section, we assume that you have already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01:
 
 - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
-- [Create a Windows 11 reference image](create-a-windows-11-reference-image.md)
-- [Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md)
+- [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
+- [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
 
-It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to Windows 11.  For demonstration purposes, we will refreshing a Windows 10 PC to Windows 11.
-
-> [!IMPORTANT]
-> The computer refresh process can be used to install Windows 11 on a device that doesn't meet Windows 11 hardware requirements, resulting in an unsupported configuration. Before upgrading to Windows 11, verify that the device meets [Windows 11 hardware requirements](/windows/whats-new/windows-11-requirements).
+It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10.  For demonstration purposes, we will refreshing a Windows 7 SP1 PC to Windows 10, version 1909.
  
-### Upgrade (refresh) a Windows 10 client
+### Upgrade (refresh) a Windows 7 SP1 client
 
-> [!IMPORTANT]
-> Domain join details [specified in the deployment share rules](deploy-a-windows-11-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process.  If the Windows 10 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-11-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer. 
+>[!IMPORTANT]
+>Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process.  If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer. 
 
 1. On PC0001, sign in as **contoso\\Administrator** and start the Lite Touch Deploy Wizard by opening **\\\\MDT01\\MDTProduction$\\Scripts\\Litetouch.vbs**. 
 2. Complete the deployment guide using the following settings:
     
-   * Select a task sequence to execute on this computer: Windows 11 Enterprise x64 Custom Image
+   * Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image
    * Computer name: <default>
    * Specify where to save a complete computer backup: Do not back up the existing computer
-     > [!NOTE]
-     > Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
+     >[!NOTE]
+     >Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run.
    * Select one or more applications to install: Install - Adobe Reader
 
      ![Computer refresh.](../images/fig2-taskseq.png "Start the computer refresh")
@@ -102,23 +98,23 @@ It is also assumed that you have a domain member client computer named PC0001 in
 4. Setup starts and does the following:
     
    * Backs up user settings and data using USMT.
-   * Installs the Windows 11 Enterprise x64 operating system.
+   * Installs the Windows 10 Enterprise x64 operating system.
    * Installs any added applications.
-   * Updates the operating system using your local Windows Server Update Services (WSUS) server (if applicable).
+   * Updates the operating system using your local Windows Server Update Services (WSUS) server.
    * Restores user settings and data using USMT.
 
 5. You can monitor progress of the deployment using the deployment workbench on MDT01. See the following example:
 
      ![monitor deployment.](../images/monitor-pc0001.png)
 
-6. After the refresh process completes, sign in to the Windows 11 computer and verify that user accounts, data and settings were migrated.
+6. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated.
 
 ## Related topics
 
 [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
                    
 [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
                    
-[Create a Windows 11 reference image](create-a-windows-11-reference-image.md)
                    
-[Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md)
                    
-[Build a distributed environment for Windows 11 deployment](build-a-distributed-environment-for-windows-deployment.md)
                    
-[Replace a Windows 10 computer with a Windows 11 computer](replace-a-windows-10-computer-with-a-windows-11-computer.md)
                    
+[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
                    
+[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
                    
+[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
                    
+[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
                    
 [Configure MDT settings](configure-mdt-settings.md)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-10-computer-with-a-windows-11-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
similarity index 85%
rename from windows/deployment/deploy-windows-mdt/replace-a-windows-10-computer-with-a-windows-11-computer.md
rename to windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 951872540b..baa35a0260 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-10-computer-with-a-windows-11-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,13 +1,13 @@
 ---
-title: Replace a Windows 10 computer with a Windows 11 computer (Windows 11)
-description: In this article, you will learn how to replace a Windows 10 device with a Windows 11 device.
+title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
+description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
 ms.custom: seo-marvel-apr2020
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deploy, deployment, replace
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -17,19 +17,18 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Replace a Windows 10 computer with a Windows 11 computer
+# Replace a Windows 7 computer with a Windows 10 computer
 
 **Applies to**
-- Windows 10
-- Windows 11
+-   Windows 10
 
-A computer replace scenario for Windows 11 is quite similar to a computer refresh for Windows 11. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. 
+A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10. However, because you are replacing a device, you cannot store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. 
 
 For the purposes of this topic, we will use four computers: DC01, MDT01, PC0002, and PC0007. 
 - DC01 is a domain controller for the contoso.com domain.
 - MDT01 is domain member server that hosts your deployment share.
-- PC0002 is an old computer running Windows 10 that will be replaced by PC0007. 
-- PC0007 is a new computer will have the Windows 11 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
+- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007. 
+- PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain.
 
 For more details on the setup for this topic, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
 
@@ -49,7 +48,7 @@ On **MDT01**:
 
 1. Open the Deployment Workbench, under **Deployment Shares** right-click **MDT Production**, click **Properties**, and then click the **Rules** tab.
 2. Change the **SkipUserData=YES** option to **NO**, and click **OK**.
-3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default setttings.
+3. Right-click **MDT Production** and click **Update Deployment Share**. Click **Next**, **Next**, and **Finish** to complete the Update Deployment Share Wizard with the default settings.
 
 ### Create and share the MigData folder
 
@@ -82,7 +81,7 @@ On **MDT01**:
 
 During a computer replace, these are the high-level steps that occur:
 
-1.  On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Window Imaging (WIM) backup.
+1.  On the computer you are replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup.
 2.  On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored.
 
 ### Run the replace task sequence
@@ -97,8 +96,8 @@ On **PC0002**:
         * Specify where to save your data and settings: Specify a location
         * Location: \\\\MDT01\\MigData$\\PC0002
         
-        > [!NOTE]
-        > If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
+        >[!NOTE]
+        >If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead.
          
     2.  Specify where to save a complete computer backup: Do not back up the existing computer
 
@@ -152,16 +151,15 @@ On **HV01**:
     * Updates the operating system via your local Windows Server Update Services (WSUS) server.
     * Restores the USMT backup from PC0002.
 
-You can view progress of the process by clicking the Monitoring node in the Deployment Workbrench on MDT01.
+You can view progress of the process by clicking the Monitoring node in the Deployment Workbench on MDT01.
 
 ![Monitor progress.](../images/mdt-replace.png)
 
-
 ## Related topics
 
 [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
                    
-[Create a Windows 11 reference image](create-a-windows-11-reference-image.md)
                    
-[Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md)
                    
-[Build a distributed environment for Windows 11 deployment](build-a-distributed-environment-for-windows-deployment.md)
                    
-[Refresh a Windows 10 computer with Windows 11](refresh-a-windows-10-computer-with-windows-11.md)
                    
+[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
                    
+[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
                    
+[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
                    
+[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
                    
 [Configure MDT settings](configure-mdt-settings.md)
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index 481df59b4a..64938b8f63 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -19,10 +19,6 @@ ms.custom: seo-marvel-mar2020
 
 # Set up MDT for BitLocker
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 This topic will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:
 
 - A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-11-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
similarity index 76%
rename from windows/deployment/deploy-windows-mdt/simulate-a-windows-11-deployment-in-a-test-environment.md
rename to windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index 877add3082..d538a02412 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-11-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -1,12 +1,12 @@
 ---
-title: Simulate a Windows 11 deployment in a test environment (Windows 11)
-description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 11 deployment using MDT.
+title: Simulate a Windows 10 deployment in a test environment (Windows 10)
+description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
 ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deploy, script
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
@@ -16,11 +16,7 @@ author: greg-lindsay
 ms.topic: article
 ---
 
-# Simulate a Windows 11 deployment in a test environment
-
-**Applies to**
-- Windows 10
-- Windows 11
+# Simulate a Windows 10 deployment in a test environment
 
 This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined client.
 
@@ -29,8 +25,8 @@ This topic will walk you through the process of creating a simulated environment
 - A Windows 10 client named **PC0001** will be used to simulate deployment. The client is joined to the contoso.com domain and has access to the Internet to required download tools and scripts.
 - It is assumed that you have performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share:
   - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
-  - [Create a Windows 11 reference image](create-a-windows-11-reference-image.md)
-  - [Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md)
+  - [Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
+  - [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
 
 ## Simulate deployment
 
@@ -39,23 +35,21 @@ On **PC0001**:
 1. Sign as **contoso\\Administrator**.
 2. Copy the following to a PowerShell script named gather.ps1 and copy it to a directory named **C:\MDT** on PC0001.
 
-```
-# Check for elevation
-If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
-    [Security.Principal.WindowsBuiltInRole] "Administrator"))
-{
-    Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
-    Write-Warning "Aborting script..."
-    Break
-}
-
-cls
-if (Test-Path -Path "C:\MININT") {Write-Host "C:\MININT exists, deleting...";Remove-Item C:\MININT -Recurse}
-cscript.exe ZTIGather.wsf /debug:true
-
-# Optional, comment out if you want the script to open the log in CMTrace
-& "C:\MDT\CMTrace" C:\MININT\SMSOSD\OSDLOGS\ZTIGather.log
-```
+    ```powershell
+    # Check for elevation
+    If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
+        [Security.Principal.WindowsBuiltInRole] "Administrator"))
+    {
+        Write-Warning "Oupps, you need to run this script from an elevated PowerShell prompt!`nPlease start the PowerShell prompt as an Administrator and re-run the script."
+        Write-Warning "Aborting script..."
+        Break
+    }
+    cls
+    if (Test-Path -Path "C:\MININT") {Write-Host "C:\MININT exists, deleting...";Remove-Item C:\MININT -Recurse}
+    cscript.exe ZTIGather.wsf /debug:true
+    # Optional, comment out if you want the script to open the log in CMTrace
+    & "C:\MDT\CMTrace" C:\MININT\SMSOSD\OSDLOGS\ZTIGather.log
+    ```
 
 3. Download and install the free [Microsoft System Center 2012 R2 Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717) on PC0001 so that you have access to the Configuration Manager Trace (cmtrace.exe) tool.
 4. Using Local Users and Groups (lusrmgr.msc), add the **contoso\\MDT\_BA** user account to the local **Administrators** group.
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
new file mode 100644
index 0000000000..8760205a12
--- /dev/null
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -0,0 +1,114 @@
+---
+title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
+description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
+ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
+ms.reviewer: 
+manager: dougeby
+ms.author: greglin
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Perform an in-place upgrade to Windows 10 with MDT
+
+**Applies to**
+-   Windows 10
+
+The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. 
+
+>[!TIP]
+>In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple. 
+
+In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade.
+
+Three computers are used in this topic: DC01, MDT01, and PC0002. 
+
+- DC01 is a domain controller for the contoso.com domain
+- MDT01 is a domain member server 
+- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade
+
+ ![computers.](../images/mdt-upgrade.png)
+
+ The computers used in this topic.
+
+>[!NOTE]
+>For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
+
+>If you have already completed all the steps in [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md), then you already have a production deployment share and you can skip to [Add Windows 10 Enterprise x64 (full source)](#add-windows-10-enterprise-x64-full-source).
+
+## Create the MDT production deployment share
+
+On **MDT01**:
+
+1. Ensure you are signed on as: contoso\administrator.
+2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
+3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
+4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
+5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
+6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
+7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
+
+## Add Windows 10 Enterprise x64 (full source)
+
+>If you have already have a Windows 10 [reference image](create-a-windows-10-reference-image.md) in the **MDT Build Lab** deployment share, you can use the deployment workbench to copy and paste this image from the MDT Build Lab share to the MDT Production share and skip the steps in this section.
+
+On **MDT01**:
+
+1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
+2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**.
+3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**.
+4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
+    - Full set of source files
+    - Source directory: (location of your source files)
+    - Destination directory name: W10EX64RTM
+5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**.
+
+## Create a task sequence to upgrade to Windows 10 Enterprise
+
+On **MDT01**:
+
+1.  Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**.
+2.  Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+    -   Task sequence ID: W10-X64-UPG
+    -   Task sequence name: Windows 10 Enterprise x64 RTM Upgrade
+    -   Template: Standard Client Upgrade Task Sequence
+    -   Select OS: Windows 10 Enterprise x64 RTM Default Image
+    -   Specify Product Key: Do not specify a product key at this time
+    -   Organization: Contoso
+    -   Admin Password: Do not specify an Administrator password at this time
+
+## Perform the Windows 10 upgrade
+
+To initiate the in-place upgrade, perform the following steps on PC0002 (the device to be upgraded).
+
+On **PC0002**:
+
+1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**
+2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**. 
+3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader
+4. On the **Ready** tab, click **Begin** to start the task sequence.
+   When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
+
+![upgrade1.](../images/upgrademdt-fig5-winupgrade.png)
+
+
                    
+
+![upgrade2.](../images/mdt-upgrade-proc.png)
+
+
                    
+
+![upgrade3.](../images/mdt-post-upg.png)
+
+After the task sequence completes, the computer will be fully upgraded to Windows 10.
+
+## Related topics
+
+[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
                    
+[Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md
deleted file mode 100644
index ccbb15d9c5..0000000000
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md
+++ /dev/null
@@ -1,134 +0,0 @@
----
-title: Perform an in-place upgrade to Windows 11 with MDT (Windows 11)
-description: The simplest path to upgrade PCs that are currently running an earlier version of Windows client to Windows 11 is through an in-place upgrade.
-ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
-ms.reviewer: 
-manager: dougeby
-ms.author: greglin
-keywords: upgrade, update, task sequence, deploy
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-audience: itpro
-author: greg-lindsay
-ms.topic: article
----
-
-# Perform an in-place upgrade to Windows 11 with MDT
-
-**Applies to**
-- Windows 10
-- Windows 11
-
-The simplest path to upgrade PCs that are currently running an earlier version of Windows client to Windows 11 is through an in-place upgrade. 
-
-> [!TIP]
-> In-place upgrade is the preferred method to use when migrating to a newer version of the same OS, or upgrading to a new OS. This is especially true when you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple. 
-
-In-place upgrade differs from [computer refresh](refresh-a-windows-10-computer-with-windows-11.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 11 image to the production deployment share specifically to perform an in-place upgrade.
-
-> [!IMPORTANT]
-> Windows 11 setup will block the upgrade process on devices that do not meet [Windows 11 hardware requirements](/windows/whats-new/windows-11-requirements). Be sure to verify that your device meets these requirements before attempting to upgrade to Windows 11.
-
-Three computers are used in this topic: DC01, MDT01, and PC0002. 
-
-- DC01 is a domain controller for the contoso.com domain
-- MDT01 is a domain member server 
-- PC0002 is a domain member computer running Windows 10, targeted for the Windows 11 upgrade
-
- ![computers.](../images/mdt-upgrade.png)
-
- The computers used in this topic.
-
-> [!NOTE]
-> For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md).
-
-> If you have already completed all the steps in [Deploy a Windows 11 image using MDT](deploy-a-windows-11-image-using-mdt.md), then you already have a production deployment share and you can skip to [Add Windows 11 Enterprise x64 (full source)](#add-windows-11-enterprise-x64-full-source).
-
-## Create the MDT production deployment share
-
-On **MDT01**:
-
-1. Ensure you are signed on as: contoso\administrator.
-2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
-3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**.
-4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**.
-5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**.
-6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**.
-7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share.
-
-## Add Windows 11 Enterprise x64 (full source)
-
-> If you have already have a Windows 11 [reference image](create-a-windows-11-reference-image.md) in the **MDT Build Lab** deployment share, you can use the deployment workbench to copy and paste this image from the MDT Build Lab share to the MDT Production share and skip the steps in this section.
-
- ![copy reference image.](../images/mdt-copy-image.png)
-
- Copying the reference image to the production deployment share
-
- If you copy the reference image using the above process, you should verify that all the files on MDT01 in **D:\\MDTBuildLab\\Operating Systems\\W11EX64** were successfully copied to **D:\\MDTProduction\\Operating Systems\\W11EX64** and then skip to [Create a task sequence to upgrade to Windows 11 Enterprise](#create-a-task-sequence-to-upgrade-to-windows11-enterprise).
-
-On **MDT01**:
-
-1. Sign in as contoso\\administrator and copy the content of a Windows 11 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 11 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01.
-2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**.
-3. Right-click the **Operating Systems** node, and create a new folder named **Windows 11**.
-4. Expand the **Operating Systems** node, right-click the **Windows 11** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard:
-    - Full set of source files
-    - Source directory: (location of your source files)
-    - Destination directory name: W11EX64
-5. After adding the operating system, in the **Operating Systems / Windows 11** folder, double-click it and change the name to: **Windows 11 Enterprise x64 Default Image**.
-
-## Create a task sequence to upgrade to Windows 11 Enterprise
-
-On **MDT01**:
-
-1.  Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 11**.
-2.  Right-click the new **Windows 11** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
-    -   Task sequence ID: W11-X64-UPG
-    -   Task sequence name: Windows 11 Enterprise x64 Upgrade
-    -   Template: Standard Client Upgrade Task Sequence
-    -   Select OS: Windows 11 Enterprise x64 Default Image
-    -   Specify Product Key: Do not specify a product key at this time
-    -   Organization: Contoso
-    -   Admin Password: Do not specify an Administrator password at this time
-
-### Specify additional command line options
-
-Before running the upgrade task sequence, an additional step is required if you are upgrading to Windows 11.  This step is not necessary if you are upgrading to Windows 10.
-
-The **/EULA accept** command line option is required starting with Windows 11. For more information, see [Windows Setup command-line options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#eula). To add this command line option:
-
-1. In the Windows 11 Enterprise x64 Upgrade task sequence that you just created, in the Preparation section, click **Add** > **General** > **Set Task Sequence Variable** and provide the following values:
-   - Name: WindowsUpgradeAdditionalOptions
-   - Task Sequence Variable: WindowsUpgradeAdditionalOptions
-   - Value: /EULA accept
-2. Make the Set Task Sequence Variable step the first step in the Preparation phase by moving it up above the other steps.  See the following example:
-
-![Specify EULA](../images/windowsupgradeadditionaloptions.png)
-
-Using the WindowsUpgradeAdditionalOptions variable to set command line options.
-
-## Perform the Windows 11 upgrade
-
-To initiate the in-place upgrade, perform the following steps on PC0002 (the device to be upgraded).
-
-On **PC0002**:
-
-1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs**
-2. Select the **Windows 11 Enterprise x64 Upgrade** task sequence, and then click **Next**. 
-3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader
-4. On the **Ready** tab, click **Begin** to start the task sequence.
-   When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
-
-![upgrade1.](../images/upgrademdt-fig5-winupgrade.png)
-
-
                    
-
-After the task sequence completes, the computer will be fully upgraded to Windows 11.
-
-## Related topics
-
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
                    
-[Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index 1a2a665f6a..600f2dec3e 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -1,5 +1,5 @@
 ---
-title: Use Orchestrator runbooks with MDT (Windows 11)
+title: Use Orchestrator runbooks with MDT (Windows 10)
 description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
 ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
 ms.reviewer: 
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Use Orchestrator runbooks with MDT
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
 MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
 
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
similarity index 96%
rename from windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-deployment-information.md
rename to windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 85da7682da..235c3ecedb 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -1,6 +1,6 @@
 ---
-title: Use MDT database to stage Windows 11 deployment info (Windows 11)
-description: Learn how to use the MDT database to pre-stage information on your Windows 11 deployment in a Microsoft SQL Server 2012 SP1 Express database.
+title: Use MDT database to stage Windows 10 deployment info (Windows 10)
+description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database.
 ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
 ms.reviewer: 
 manager: dougeby
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Use the MDT database to stage Windows 10 deployment information
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many additional settings for the machines.
 
 ## Database prerequisites
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index f9c72cfd2c..21536126c8 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -1,12 +1,12 @@
 ---
-title: Use web services in MDT (Windows 11)
-description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 11 deployment.
+title: Use web services in MDT (Windows 10)
+description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
 ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
 ms.reviewer: 
 manager: dougeby
 ms.author: greglin
 keywords: deploy, web apps
-ms.prod: w11
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.pagetype: mdt
@@ -18,10 +18,6 @@ ms.topic: article
 
 # Use web services in MDT
 
-**Applies to**
-- Windows 10
-- Windows 11
-
 In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Simply put, web services are web applications that run code on the server side, and MDT has built-in functions to call these web services.
 Using a web service in MDT is straightforward, but it does require that you have enabled the Web Server (IIS) role on the server. Developing web services involves a little bit of coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web.
 
diff --git a/windows/deployment/images/acroread.png b/windows/deployment/images/acroread.png
index 13bc5c84e1..142e7b6d74 100644
Binary files a/windows/deployment/images/acroread.png and b/windows/deployment/images/acroread.png differ
diff --git a/windows/deployment/images/captureimage.png b/windows/deployment/images/captureimage.png
index 9cccb88a1f..e9ebbf3aad 100644
Binary files a/windows/deployment/images/captureimage.png and b/windows/deployment/images/captureimage.png differ
diff --git a/windows/deployment/images/deployment-workbench01.png b/windows/deployment/images/deployment-workbench01.png
index 34a03a5e1d..c68ee25db1 100644
Binary files a/windows/deployment/images/deployment-workbench01.png and b/windows/deployment/images/deployment-workbench01.png differ
diff --git a/windows/deployment/images/fig2-importedos.png b/windows/deployment/images/fig2-importedos.png
index 8aa48d1b25..90cf910c24 100644
Binary files a/windows/deployment/images/fig2-importedos.png and b/windows/deployment/images/fig2-importedos.png differ
diff --git a/windows/deployment/images/fig2-taskseq.png b/windows/deployment/images/fig2-taskseq.png
index d3deca7024..bdd81ddbde 100644
Binary files a/windows/deployment/images/fig2-taskseq.png and b/windows/deployment/images/fig2-taskseq.png differ
diff --git a/windows/deployment/images/fig4-oob-drivers.png b/windows/deployment/images/fig4-oob-drivers.png
index 11eb769926..14d93fb278 100644
Binary files a/windows/deployment/images/fig4-oob-drivers.png and b/windows/deployment/images/fig4-oob-drivers.png differ
diff --git a/windows/deployment/images/fig5-selectprofile.png b/windows/deployment/images/fig5-selectprofile.png
index 61c795dcee..452ab4f581 100644
Binary files a/windows/deployment/images/fig5-selectprofile.png and b/windows/deployment/images/fig5-selectprofile.png differ
diff --git a/windows/deployment/images/fig6-taskseq.png b/windows/deployment/images/fig6-taskseq.png
index d77e99d70d..8696cc04c4 100644
Binary files a/windows/deployment/images/fig6-taskseq.png and b/windows/deployment/images/fig6-taskseq.png differ
diff --git a/windows/deployment/images/fig8-cust-tasks.png b/windows/deployment/images/fig8-cust-tasks.png
index 5a0c7c2ac7..3ab40d730a 100644
Binary files a/windows/deployment/images/fig8-cust-tasks.png and b/windows/deployment/images/fig8-cust-tasks.png differ
diff --git a/windows/deployment/images/image-captured.png b/windows/deployment/images/image-captured.png
index 281e8ea0ff..69c5d5ef15 100644
Binary files a/windows/deployment/images/image-captured.png and b/windows/deployment/images/image-captured.png differ
diff --git a/windows/deployment/images/iso-data.png b/windows/deployment/images/iso-data.png
index 27075a9502..f188046b7f 100644
Binary files a/windows/deployment/images/iso-data.png and b/windows/deployment/images/iso-data.png differ
diff --git a/windows/deployment/images/mdt-03-fig03.png b/windows/deployment/images/mdt-03-fig03.png
index 7e128451d6..a387923d80 100644
Binary files a/windows/deployment/images/mdt-03-fig03.png and b/windows/deployment/images/mdt-03-fig03.png differ
diff --git a/windows/deployment/images/mdt-03-fig04.png b/windows/deployment/images/mdt-03-fig04.png
index 9ac1267b22..437531d2f6 100644
Binary files a/windows/deployment/images/mdt-03-fig04.png and b/windows/deployment/images/mdt-03-fig04.png differ
diff --git a/windows/deployment/images/mdt-07-fig10.png b/windows/deployment/images/mdt-07-fig10.png
index 23037de07d..2c61e0eb3d 100644
Binary files a/windows/deployment/images/mdt-07-fig10.png and b/windows/deployment/images/mdt-07-fig10.png differ
diff --git a/windows/deployment/images/mdt-10-fig05.png b/windows/deployment/images/mdt-10-fig05.png
index 94ce5cd310..8625f2972b 100644
Binary files a/windows/deployment/images/mdt-10-fig05.png and b/windows/deployment/images/mdt-10-fig05.png differ
diff --git a/windows/deployment/images/mdt-10-fig09.png b/windows/deployment/images/mdt-10-fig09.png
index 77b8960921..bb5010a93d 100644
Binary files a/windows/deployment/images/mdt-10-fig09.png and b/windows/deployment/images/mdt-10-fig09.png differ
diff --git a/windows/deployment/images/mdt-apps.png b/windows/deployment/images/mdt-apps.png
index 73587506af..72ee2268f2 100644
Binary files a/windows/deployment/images/mdt-apps.png and b/windows/deployment/images/mdt-apps.png differ
diff --git a/windows/deployment/images/mdt-offline-media.png b/windows/deployment/images/mdt-offline-media.png
index d31ad0f27d..d81ea4e0d8 100644
Binary files a/windows/deployment/images/mdt-offline-media.png and b/windows/deployment/images/mdt-offline-media.png differ
diff --git a/windows/deployment/images/mdt-replace.png b/windows/deployment/images/mdt-replace.png
index 950ec3d6f7..d731037d38 100644
Binary files a/windows/deployment/images/mdt-replace.png and b/windows/deployment/images/mdt-replace.png differ
diff --git a/windows/deployment/images/monitor-pc0001.PNG b/windows/deployment/images/monitor-pc0001.PNG
index 10708e3f71..072b9cb58c 100644
Binary files a/windows/deployment/images/monitor-pc0001.PNG and b/windows/deployment/images/monitor-pc0001.PNG differ
diff --git a/windows/deployment/images/pc0005-vm-office.png b/windows/deployment/images/pc0005-vm-office.png
index d572ae77e9..bb8e96f5af 100644
Binary files a/windows/deployment/images/pc0005-vm-office.png and b/windows/deployment/images/pc0005-vm-office.png differ
diff --git a/windows/deployment/images/pc0005-vm.png b/windows/deployment/images/pc0005-vm.png
index 9d4c46dfac..4b2af635c4 100644
Binary files a/windows/deployment/images/pc0005-vm.png and b/windows/deployment/images/pc0005-vm.png differ
diff --git a/windows/deployment/images/upgrademdt-fig5-winupgrade.png b/windows/deployment/images/upgrademdt-fig5-winupgrade.png
index f346380b98..f3bc05508a 100644
Binary files a/windows/deployment/images/upgrademdt-fig5-winupgrade.png and b/windows/deployment/images/upgrademdt-fig5-winupgrade.png differ
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 8ad4b1b6a3..f925f48fd4 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -422,7 +422,7 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
 
 1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
 
-2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM.
+2. Copy the ReAgent files and the ReAgent localization files from the Windows 10, version 1903 ADK source folder to the mounted WIM.
 
    For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
 
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index 90d0c547cb..4d8bf0ff3e 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -36,46 +36,13 @@ Windows 10 also introduces two additional scenarios that organizations should c
 
     So how do you choose? At a high level:
 
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Consider ...For these scenarios
                    In-place upgrade
                      
-
                    • When you want to keep all (or at least most) existing applications
                      • 
-
                    • When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)
                      • 
-
                    • To migrate from Windows 10 to a later Windows 10 release
                      • 
-
                    Traditional wipe-and-load
                      
-
                    • When you upgrade significant numbers of applications along with the new Windows OS
                      • 
-
                    • When you make significant device or operating system configuration changes
                      • 
-
                    • When you “start clean”. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs
                      • 
-
                    • When you migrate from Windows Vista or other previous operating system versions
                      • 
-
                    Dynamic provisioning
                      
-
                    • For new devices, especially in “choose your own device” scenarios when simple configuration (not reimaging) is all that is required
                      • 
-
                    • When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps
                      • 
-
                    
+| Consider ... | For these scenarios  |
+|---|---|
+| In-place upgrade  | - When you want to keep all (or at least most) existing applications
                    - When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)
                    - To migrate from Windows 10 to a later Windows 10 release |
+| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS
                    - When you make significant device or operating system configuration changes
                    - When you “start clean”. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs
                    - When you migrate from Windows Vista or other previous operating system versions |
+| Dynamic provisioning | - For new devices, especially in “choose your own device” scenarios when simple configuration (not reimaging) is all that is required. 
                    - When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps |
+
 
- 
 ## Migration from previous Windows versions
 
 For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
@@ -105,7 +72,7 @@ In either of these scenarios, you can make a variety of configuration changes to
 
 ## Stay up to date
 
-For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will be deployed two times per year. You can deploy these upgrades by using a variety of methods:
+For computers using the [General Availability Channel](../update/waas-overview.md#general-availability-channel), you can deploy these upgrades by using a variety of methods:
 
 -   Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
 -   Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update). 
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
index 8ca699331f..a8e1aa8c67 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@@ -103,7 +103,7 @@ sections:
       - question: |
           What are the servicing channels?
         answer: |
-          To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: Semi-Annual Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels).
+          To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels).
           
       - question: |
           What tools can I use to manage Windows as a service updates?
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index ae8c69d273..b73c7cb293 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -1,7 +1,7 @@
 ---
 title: Introduction to the Windows Insider Program for Business
 description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join.
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight
+keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, WiP4Biz, enterprise, rings, flight
 ms.custom: seo-marvel-apr2020
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -22,7 +22,7 @@ ms.topic: article
 
 > **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
-For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the Semi-Annual Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
+For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the General Availability Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
 
 The Windows Insider Program for Business gives you the opportunity to:
  
@@ -35,7 +35,7 @@ The Windows Insider Program for Business gives you the opportunity to:
 
 Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App. 
 
-The Windows Insider Program doesn't replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
+The Windows Insider Program doesn't replace General Availability Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
 
 [![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the Semi-Annual Channel Targeted ring for Pilot deployment, and the Semi-Annual Channel for broad deployment.](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
                    
 Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
@@ -52,12 +52,12 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op
 
 ## Validate Insider Preview builds 
 Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits:
- 
-- Get a head start on your Windows validation process 
-- Identify issues sooner to accelerate your Windows deployment 
-- Engage Microsoft earlier for help with potential compatibility issues 
-- Deploy Windows 10 Semi-Annual releases faster and more confidently 
-- Maximize the 18-month support Window that comes with each Semi-Annual release. 
+
+- Get a head start on your Windows validation process.
+- Identify issues sooner to accelerate your Windows deployment.
+- Engage Microsoft earlier for help with potential compatibility issues.
+- Deploy Windows 10 General Availability Channel releases faster and more confidently.
+- Maximize the support window that comes with each General Availability Channel release.
 
 |Objective |Feature exploration|
 |---------|---------|
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index f1d6c2488e..a9cda4ed31 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,7 +1,7 @@
 ---
 title: Windows client updates, channels, and tools
 description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
@@ -35,7 +35,7 @@ version of the software.
 
 We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*. 
 
-- **Feature updates:** Released as soon as they become available. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
+- **Feature updates:** Released annually. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
 - **Quality updates:** Quality updates deliver both security and non-security fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
 - **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
 - **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
@@ -51,7 +51,7 @@ The first step of controlling when and how devices install updates is assigning
 
 ### General Availability Channel
 
-In the General Availability Channel, feature updates are available as soon as Microsoft releases them. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
+In the General Availability Channel, feature updates are released annually. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
 
 
 ### Windows Insider Program for Business
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index 3ea447d2c4..4614f94847 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -94,7 +94,7 @@ Enable update services on devices. Ensure that every device is running all the s
 - Windows Management Service
 - Windows Module Installer
 - Windows Push Notification
-- Windows Security Center Service
+- Windows Security Service
 - Windows Time Service
 - Windows Update
 - Windows Update Medic Service
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 0bb65fedd7..8ff5849aaa 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -14,8 +14,8 @@ ms.topic: article
 
 **Applies to**
 
--   Windows 10
--   Windows 11
+- Windows 10
+- Windows 11
 
 Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply safeguard holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use safeguard holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
 
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 9613aaa41e..0632492b3e 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -48,7 +48,7 @@ Microsoft uses diagnostic data to determine whether devices that use Windows Upd
 ### Queries for safeguard holds
 
 > [!TIP]
-> For a new Update Compliance report with additional information on safeguard holds, try the [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds).
+> For a new Update Compliance report with additional information on safeguard holds for devices managed using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview), try the [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds).
 
 The Feature Update Status report offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
 
diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md
index a46fbed232..98221fda7c 100644
--- a/windows/deployment/update/update-compliance-safeguard-holds.md
+++ b/windows/deployment/update/update-compliance-safeguard-holds.md
@@ -22,11 +22,11 @@ ms.custom: seo-marvel-apr2020
 - Windows 10
 - Windows 11
 
-The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds).
+The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds). 
 
 Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
 
-Update Compliance provides two views into the safeguard holds that apply to devices in your population. The report shows data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
+As part of the Safeguard Holds report, Update Compliance provides aggregated and device-specific views into the safeguard holds that apply to devices in your population. These views will show data for all devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included. If your devices are not sending the required diagnostic data, they will be excluded from these views.
 
 The safeguard hold report can be found in a different location from the other Update Compliance reports. To access the safeguard hold report, follow the instructions below.
 
@@ -36,6 +36,8 @@ The safeguard hold report can be found in a different location from the other Up
 4. In the left-hand menu, select **Workbooks**.
 5. Under the subsection **WaaSUpdateInsights**, select the workbook named **Safeguard Holds**.
 
+This report shows information for devices that are managed using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview). To view information about safeguard holds for other devices, you can use the workbook named **WaaSUpdateInsights** or the [queries for safeguard holds](/windows/deployment/update/update-compliance-feature-update-status) in the Feature Update Status report.
+
 ## Safeguard hold view
 
 ![The safeguard hold view of the Safeguard Hold report.](images/uc-workspace-safeguard-holds-safeguard-hold-view.png)
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 8bfab4700e..bb91408f6f 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -60,7 +60,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin
 
 3. Right-click **Your_Domain**, and then select **Create a GPO in this domain, and Link it here**.
 
-   ![Example of UI.](images/waas-wsus-fig3.png) 
+   ![Create a GPO in this domain example in the UI.](images/waas-wsus-fig3.png) 
     
    >[!NOTE]
    >In this example, the **Configure Automatic Updates** and **Intranet Microsoft Update Service Location** Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU.
@@ -73,13 +73,13 @@ When using WSUS to manage updates on Windows client devices, start by configurin
 
 7. Right-click the **Configure Automatic Updates** setting, and then click **Edit**.
 
-   ![Example of UI.](images/waas-wsus-fig4.png)
+   ![Configure Automatic Updates in the UI.](images/waas-wsus-fig4.png)
     
 8. In the **Configure Automatic Updates** dialog box, select **Enable**.
 
 9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**.
 
-   ![Example of UI.](images/waas-wsus-fig5.png)
+   ![Select Auto download and notify for install in the UI.](images/waas-wsus-fig5.png)
    
    >[!IMPORTANT]
    > Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations
@@ -91,12 +91,12 @@ When using WSUS to manage updates on Windows client devices, start by configurin
 
 11. In the **Specify intranet Microsoft update service location** dialog box, select **Enable**.
 
-12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type http://Your_WSUS_Server_FQDN:PortNumber, and then select **OK**.
+12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type `http://Your_WSUS_Server_FQDN:PortNumber`, and then select **OK**.
 
     >[!NOTE]
     >The URL `http://CONTOSO-WSUS1.contoso.com:8530` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.
     
-     ![Example of UI.](images/waas-wsus-fig6.png)
+     ![Set the intranet statistics server in the UI.](images/waas-wsus-fig6.png)
      
      >[!NOTE]
      >The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)
@@ -116,7 +116,7 @@ You can use computer groups to target a subset of devices that have specific qua
 
 2. Go to *Server_Name*\Computers\All Computers, and then click **Add Computer Group**. 
 
-    ![Example of UI.](images/waas-wsus-fig7.png)
+    ![Add Computer Group in the WSUS Administration UI.](images/waas-wsus-fig7.png)
     
 3. Type **Ring 2 Pilot Business Users** for the name, and then click **Add**.
 
@@ -144,7 +144,7 @@ When new computers communicate with WSUS, they appear in the **Unassigned Comput
 
 2. Select both computers, right-click the selection, and then click **Change Membership**.
 
-    ![Example of UI.](images/waas-wsus-fig8.png)
+    ![Select Change Membership in the UI.](images/waas-wsus-fig8.png)
 
 3. In the **Set Computer Group Membership** dialog box, select the **Ring 2 Pilot Business Users** deployment ring, and then click **OK**.
 
@@ -162,7 +162,7 @@ Another way to add multiple computers to a deployment ring in the WSUS Administr
 
 3. In the search results, select the computers, right-click the selection, and then click **Change Membership**.
 
-    ![Example of UI.](images/waas-wsus-fig9.png)
+    ![Select Change Membership to search for multiple computers in the UI.](images/waas-wsus-fig9.png)
     
 4. Select the **Ring 3 Broad IT** deployment ring, and then click **OK**.
 
@@ -179,7 +179,7 @@ The WSUS Administration Console provides a friendly interface from which you can
 
 1. Open the WSUS Administration Console, and go to *Server_Name*\Options, and then click **Computers**.
 
-     ![Example of UI.](images/waas-wsus-fig10.png)
+     ![Select Comptuers in the WSUS Administration Console.](images/waas-wsus-fig10.png)
      
 2. In the **Computers** dialog box, select **Use Group Policy or registry settings on computers**, and then click **OK**.
 
@@ -203,7 +203,7 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
 
 5. Right-click the **WSUS – Client Targeting – Ring 4 Broad Business Users** GPO, and then click **Edit**.
 
-    ![Example of UI.](images/waas-wsus-fig11.png)
+    ![Select the WSUS ring 4 and edit in group policy.](images/waas-wsus-fig11.png)
     
 6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
 
@@ -213,7 +213,7 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
 
 9. In the **Target group name for this computer** box, type *Ring 4 Broad Business Users*. This is the name of the deployment ring in WSUS to which these computers will be added.
 
-    ![Example of UI.](images/waas-wsus-fig12.png)
+    ![Enter the WSUS deployment ring name.](images/waas-wsus-fig12.png)
 
 > [!WARNING]
 > The target group name must match the computer group name.
@@ -230,7 +230,7 @@ Now you’re ready to deploy this GPO to the correct computer security group for
 
 3. Under **Security Filtering**, remove the default **AUTHENTICATED USERS** security group, and then add the **Ring 4 Broad Business Users** group.
 
-    ![Example of UI.](images/waas-wsus-fig13.png)
+    ![Remove the default AUTHENTICATED USERS security group in group policy.](images/waas-wsus-fig13.png)
     
 The next time the clients in the **Ring 4 Broad Business Users** security group receive their computer policy and contact WSUS, they will be added to the **Ring 4 Broad Business Users** deployment ring. 
 
@@ -239,7 +239,7 @@ The next time the clients in the **Ring 4 Broad Business Users** security group
 For clients that should have their feature updates approved as soon as they’re available, you can configure Automatic Approval rules in WSUS.
 
 >[!NOTE]
->WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for Semi-Annual Channel (or General Availability Channel), the devices in that will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS.
+>WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for the [General Availability Channel](waas-overview.md#general-availability-channel), the devices in that will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS.
 
 
 **To configure an Automatic Approval rule for Windows client feature updates and approve them for the Ring 3 Broad IT deployment ring**
@@ -251,7 +251,7 @@ This example uses Windows 10, but the process is the same for Windows 11.
 
 3. In the **Add Rule** dialog box, select the **When an update is in a specific classification**, **When an update is in a specific product**, and **Set a deadline for the approval** check boxes.
 
-     ![Example of UI.](images/waas-wsus-fig14.png)
+     ![Select the update and deadline check boxes in the WSUS Administration Console.](images/waas-wsus-fig14.png)
      
 4. In the **Edit the properties** area, select **any classification**. Clear everything except **Upgrades**, and then click **OK**.
 
@@ -265,7 +265,7 @@ This example uses Windows 10, but the process is the same for Windows 11.
 
 8. In the **Step 3: Specify a name** box, type **Windows 10 Upgrade Auto-approval for Ring 3 Broad IT**, and then click **OK**.
 
-    ![Example of UI.](images/waas-wsus-fig15.png)
+    ![Enter the ring 3 deployment name.](images/waas-wsus-fig15.png)
     
 9. In the **Automatic Approvals** dialog box, click **OK**.
 
@@ -300,7 +300,7 @@ To simplify the manual approval process, start by creating a software update vie
     
 5. In the **Step 3: Specify a name** box, type **All Windows 10 Upgrades**, and then click **OK**.
 
-     ![Example of UI.](images/waas-wsus-fig16.png)
+     ![Enter All Windows 10 Upgrades for the name in the WSUS admin console.](images/waas-wsus-fig16.png)
 
 Now that you have the **All Windows 10 Upgrades** view, complete the following steps to manually approve an update for the **Ring 4 Broad Business Users** deployment ring:
 
@@ -308,21 +308,21 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 
 2. Right-click the feature update you want to deploy, and then click **Approve**.
 
-      ![Example of UI.](images/waas-wsus-fig17.png)  
+      ![Approve the feature you want to deploy in WSUS admin console.](images/waas-wsus-fig17.png)  
       
 3. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, select **Approved for Install**.
 
-      ![Example of UI.](images/waas-wsus-fig18.png) 
+      ![Select Approve for install in the WSUS admin console.](images/waas-wsus-fig18.png) 
       
 4. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, click **Deadline**, click **One Week**, and then click **OK**. 
 
-      ![Example of UI.](images/waas-wsus-fig19.png) 
+      ![Select a one week deadline in the WSUS admin console.](images/waas-wsus-fig19.png) 
       
 5. If the **Microsoft Software License Terms** dialog box opens, click **Accept**.
 
     If the deployment is successful, you should receive a successful progress report.
     
-    ![Example of UI.](images/waas-wsus-fig20.png) 
+    ![A sample successful deployment.](images/waas-wsus-fig20.png) 
 
 6. In the **Approval Progress** dialog box, click **Close**.
 
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 5947bdc897..543f0e96db 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Overview of Windows as a service
 description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
@@ -90,9 +90,9 @@ There are three servicing channels. The [Windows Insider Program](#windows-insid
 
 ### General Availability Channel
 
-In the General Availability Channel, feature updates are available as soon as Microsoft releases them. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
+In the General Availability Channel, feature updates are available annually. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
 
-When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools).
+When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools).
 
 
 > [!NOTE]
@@ -120,7 +120,7 @@ The Long-term Servicing Channel is available only in the Windows 10 Enterprise L
 
 ### Windows Insider
 
-For many IT pros, gaining visibility into feature updates early--before they’re available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
+For many IT pros, gaining visibility into feature updates early--before they’re available to the General Availability Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
 
 Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started).
 
@@ -130,7 +130,7 @@ Microsoft recommends that all organizations have at least a few devices enrolled
 
 There are many tools you can use to service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
 
-- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
+- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the General Availability Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
 - **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.
 - **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. 
 - **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. 
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index f9c793095d..59bb0e9b9a 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,14 +1,14 @@
 ---
 title: Quick guide to Windows as a service (Windows 10)
 description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+keywords: updates, servicing, current, deployment, General Availability Channel, semi-annual channel, feature, quality, rings, insider, tools
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
 ms.localizationpriority: high
 ms.author: jaimeo
 ms.reviewer: 
-manager: laurawi
+manager: dougeby
 ms.topic: article
 ---
 
@@ -25,12 +25,13 @@ Here is a quick guide to the most important concepts in Windows as a service. Fo
 ## Definitions
 
 Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
-- **Feature updates** are released twice per year, around March and September. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
+
+- **Feature updates** are released annually. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
 - **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
 - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
 - **Servicing channels** allow organizations to choose when to deploy new features. 
-    - The **General Availability Channel** receives feature updates as they become available. 
-    - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
+  - The **General Availability Channel** receives feature updates annually.
+  - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
 - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. 
 
 See [Overview of Windows as a service](waas-overview.md) for more information.
@@ -51,6 +52,6 @@ To stay up to date, deploy feature updates at an appropriate time after their re
 
 Extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
 
-This process repeats with each new feature update as they become available. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
+This process repeats with each new feature update. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
 
 Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index cbf9133ff3..65880f7388 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -43,7 +43,7 @@ The General Availability Channel is the default servicing channel for all Window
 >The LTSC edition is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
 
 >[!NOTE]
->Devices will automatically receive updates from the Semi-Annual Channel, unless they are configured to receive preview updates through the Windows Insider Program.
+>Devices will automatically receive updates from the General Availability Channel, unless they are configured to receive preview updates through the Windows Insider Program.
 
 
 ## Enroll devices in the Windows Insider Program
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index c50df27515..600631905f 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -15,6 +15,7 @@ ms.topic: article
 ---
 
 # Windows 10 upgrade paths
+
 **Applies to**
 
 -   Windows 10
@@ -25,194 +26,73 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
 
 If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded.
 
-> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
-> 
-> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](/windows/release-health/release-information) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
-> 
-> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
-> 
-> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
+- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
+
+- **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options.
+
+  You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`.
+
+- **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
+
+- **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
+
+## Windows 10
+
+✔ = Full upgrade is supported including personal data, settings, and applications.
 
-✔ = Full upgrade is supported including personal data, settings, and applications.
                    
 D = Edition downgrade; personal data is maintained, applications and settings are removed.
 
-
                    
-
-    
-        
-        
-        
-        
-        
-        
-        
-    
-    
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
-        
-        
-        
-        
-        
-        
-    
-    
                           Windows 10 HomeWindows 10 ProWindows 10 Pro EducationWindows 10 EducationWindows 10 Enterprise
                    Windows 7
                    Starter
                    Home Basic
                    Home Premium
                    ProfessionalD
                    UltimateD
                    Enterprise
                    Windows 8.1
                    (Core)
                    Connected
                    ProD
                    Pro StudentD
                    Pro WMCD
                    Enterprise
                    Embedded Industry
                    Windows RT
                    Windows Phone 8.1
                    Windows 10
                    Home
                    ProD
                    EducationD
                    Enterprise
                    
+---
+| | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
+|---|---|---|---|---|---|
+| **Home**  | | ✔  | ✔  | ✔  | |
+| **Pro**   | D | | ✔   | ✔  | ✔  |
+| **Education**  | | | | | D  |
+| **Enterprise**  | | | | ✔ | |
 
+---
+
+## Windows 8.1
+
+✔ = Full upgrade is supported including personal data, settings, and applications.
+
+D = Edition downgrade; personal data is maintained, applications and settings are removed.
+
+---
+|  | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
+|---|---|---|---|---|---|
+| **(Core)**  | ✔  | ✔  | ✔  | ✔  | |
+| **Connected**   | ✔  | ✔  | ✔  | ✔  | |
+| **Pro**  | D   | ✔  | ✔   | ✔  | ✔  |
+| **Pro Student**  | D | ✔  | ✔  | ✔  | ✔  |
+| **Pro WMC**  | D  | ✔  | ✔  | ✔  | ✔  |
+| **Enterprise**  | | | | ✔  | ✔  |
+| **Embedded Industry** | | | | | ✔  |
+
+---
+
+## Windows 7
+
+✔ = Full upgrade is supported including personal data, settings, and applications.
+
+D = Edition downgrade; personal data is maintained, applications and settings are removed.
+
+---
+|  | Windows 10 Home | Windows 10 Pro | Windows 10 Pro Education | Windows 10 Education | Windows 10 Enterprise |
+|---|---|---|---|---|---|
+| **Starter**   | ✔  | ✔  | ✔  | ✔  | |
+| **Home Basic**  | ✔  | ✔  | ✔  | ✔  | |
+| **Home Premium**  | ✔  | ✔  | ✔  | ✔  | |
+| **Professional**  | D  | ✔  | ✔ | ✔  | ✔  |
+| **Ultimate**  | D  | ✔   | ✔   | ✔  | ✔  |
+| **Enterprise**  |  |  |  | ✔  | ✔  |
+
+---
 
 ## Related Topics
 
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
                    
-[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
                    
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
\ No newline at end of file
+[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
+
+[Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md)
+
+[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md
index 1bb916cf7a..9134680979 100644
--- a/windows/deployment/usmt/usmt-requirements.md
+++ b/windows/deployment/usmt/usmt-requirements.md
@@ -91,15 +91,15 @@ You can migrate a 32-bit operating system to a 64-bit operating system. However,
 USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7.
 
 USMT for Windows 10 should not be used for migrating from Windows 7 to Windows 8.1. It is meant to migrate to Windows 10.
-For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)). 
+For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)).
 
 ## Windows PE
 
--   **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14).
+- **Must use latest version of Windows PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14).
 
 ## Credentials
 
--  **Run as administrator**
+- **Run as administrator**
     When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration.
 
 To open an elevated command prompt:
diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md
index 0e160f2943..3595e295f0 100644
--- a/windows/deployment/windows-10-media.md
+++ b/windows/deployment/windows-10-media.md
@@ -34,43 +34,12 @@ When you select a product, for example “Windows 10 Enterprise” or “Windows
 > [!NOTE]
 > If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx).
 
-In Windows 10, version 1709 the packaging of volume licensing media and upgrade packages is different than it has been for previous releases. Instead of having separate media and packages for Windows 10 Pro (volume licensing version), Windows 10 Enterprise, and Windows 10 Education, all three are bundled together. The following section explains this change.
-
-### Windows 10, version 1709
-
-Windows 10, version 1709 is available starting on 10/17/2017 in all relevant distribution channels. Note: An updated [Windows ADK for Windows 10](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) is also available.
-
-For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can still search for the individual Windows editions. However, each of these editions (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education) will point to the same ISO file, so you only need to download the ISO once. A single Windows image (WIM) file is included in the ISO that contains all the volume licensing images:
-
-![Images.](images/table01.png)
-
-When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or Microsoft Endpoint Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update.
-
-For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package:
-
-
                    
-
-| Title | Classification | Description |
-| --- | --- | --- |
-| Feature update to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 10 Pro (VL), Windows 10 Enterprise, or Windows 10 Education to version 1709 |
-| Windows 7 and 8.1 upgrade to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 7 Professional (VL), Windows 7 Enterprise, Windows 8.1 Professional (VL), or Windows 8.1 Enterprise to Windows 10 1709 |
-
-
                    
-
-When you approve one of these packages, it applies to all of the editions.
-
-This Semi-Annual Channel release of Windows 10 continues the Windows as a service methodology.  For more information about implementing Windows as a service in your organization in order to stay up to date with Windows, see [Update Windows 10 in the enterprise](./update/index.md).
-
+Instead of having separate media and packages for Windows 10 Pro (volume licensing version), Windows 10 Enterprise, and Windows 10 Education, all three are bundled together. 
 
 ### Language packs
 
-- **Windows 10 versions 1507 and 1511**: you can select **Windows 10 Enterprise Language Pack**, click **Download** and then select **English** and **64-bit** to see these downloads. 
 - **Windows 10 1607 and later**: you must select **Multilanguage** from the drop-down list of languages.
 
-See the following example for Windows 10, version 1709:
-
-![Windows 10, version 1709 lang pack.](images/lang-pack-1709.png)
-
 ### Features on demand
 
 [Features on demand](/archive/blogs/mniehaus/adding-features-including-net-3-5-to-windows-10) can be downloaded by searching for "**Windows 10 Enterprise Features on Demand**" and then following the same download process that is described above.
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index 99a97d2f55..c59e537d48 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -528,7 +528,7 @@ This section will demonstrate how to export user data from an existing client co
 ## Replace a computer with Windows 10
 
 At a high level, the computer replace process consists of:
                    
-- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.
                    
+- A special replace task sequence that runs the USMT backup and an optional full Windows Imaging (WIM) backup.
                    
 - A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
 
 ### Create a backup-only task sequence
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 4d6d62258a..46c4eef1ae 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -23,7 +23,7 @@ Applies to:
 - Windows 10
 - Windows 11
 
-Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
+Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
 
 With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
 
@@ -44,9 +44,10 @@ For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11
 
 ## Subscription Activation for Windows 10/11 Enterprise
 
-With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
+Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
 
  If you are running Windows 10, version 1703 or later:
+
 - Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.
 - Product key-based Windows 10 Enterprise or Windows 11 Enterprise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
 
@@ -109,8 +110,6 @@ An issue has been identified with Hybrid Azure AD joined devices that have enabl
 
 To resolve this issue:
 
-If the device is running Windows 10, version 1703, 1709, or 1803, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal.
-
 If the device is running Windows 10, version 1809 or later:
 
 - Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
@@ -166,7 +165,7 @@ The IT administrator assigns Windows 10 Enterprise to a user. See the following
 
 When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user’s subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires.
 
-Devices running Windows 10 Pro, version 1703 or Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
+Devices running Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education General Availability Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
 
 The following figures summarize how the Subscription Activation model works:
 
@@ -190,19 +189,7 @@ You are using Windows 10, version 1803 or above, and just purchased Windows 10 E
 
 All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device.
 
-#### Scenario #2 
-
-You are using Windows 10, version 1607, 1703, or 1709 with KMS for activation, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise).
-
-To change all of your Windows 10 Pro devices to Windows 10 Enterprise, run the following command on each computer:
-
-```console
-cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43
-```
-
-The command causes the OS to change to Windows 10 Enterprise and then seek out the KMS server to reactivate.  This key comes from [Appendix A: KMS Client Setup Keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)) in the Volume Activation guide.  It is also possible to inject the Windows 10 Pro key from this article if you wish to step back down from Enterprise to Pro.
-
-#### Scenario #3
+#### Scenario #2
 
 Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts.  The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in.
 
@@ -231,7 +218,7 @@ If you are running Windows 10, version 1803 or later, Subscription Activation wi
 
 If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
 
-If the computer has never been activated with a Pro key, run the following script. Copy the text below into a .cmd file and run the file from an elevated command prompt:
+If the computer has never been activated with a Pro key, run the following script. Copy the text below into a `.cmd` file, and run the file from an elevated command prompt:
 
 ```console
 @echo off
@@ -249,6 +236,12 @@ changepk.exe /ProductKey %ProductKey%
 )
 ```
 
+Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, you can use the following Windows PowerShell script instead:
+
+```powershell
+$(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;.\changepk.exe /Productkey $_ } else { Write-Host "No key present" } }
+```
+
 ### Obtaining an Azure AD license
 
 Enterprise Agreement/Software Assurance (EA/SA):
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index b47dd4d0f2..ac69de04a3 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -47,7 +47,7 @@ These are the things you'll need to complete this lab:
 
 |    | Description |
 |:---|:---|
-|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.|
+|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, General Availability Channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.|
 |**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the internet.|
 |**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.|
 |**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.|
diff --git a/windows/manage/TOC.yml b/windows/manage/TOC.yml
new file mode 100644
index 0000000000..892ce64421
--- /dev/null
+++ b/windows/manage/TOC.yml
@@ -0,0 +1,2 @@
+- name: Test
+  href: test.md
diff --git a/windows/manage/test.md b/windows/manage/test.md
new file mode 100644
index 0000000000..36d16a3f6b
--- /dev/null
+++ b/windows/manage/test.md
@@ -0,0 +1,19 @@
+---
+title: Test
+description: Test
+ms.prod: w11
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: dstrome
+ms.author: dstrome
+ms.reviewer: 
+manager: dstrome
+ms.topic: article
+---
+
+# Test
+
+## Deployment planning
+
+This article provides guidance to help you plan for Windows 11 in your organization.
+
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index 16e94c4bd9..a2c09c70c3 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 09/08/2021
+ms.date: 
 ms.reviewer:
 ---
 
@@ -34,7 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index fe2e57d529..2c105c0127 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 09/08/2021
+ms.date: 
 ms.reviewer:
 ---
 
@@ -34,7 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@@ -3029,22 +3029,6 @@ The following fields are available:
 
 - **winInetError**  The HResult of the operation.
 
-
-## Other events
-
-### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
-
-This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
-
-The following fields are available:
-
-- **nodeId**  The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
-- **nodeOperatingSystem**  A user friendly description of the node's OS version.
-- **nodeOSVersion**  A major or minor build version string for the node's OS.
-- **nodeTypeId**  A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
-- **otherProperties**  Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
-
-
 ## Privacy logging notification events
 
 ### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index 27ad38b904..89feae1164 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 09/08/2021
+ms.date: 
 ms.reviewer:
 ---
 
@@ -34,7 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -44,7 +44,6 @@ You can learn more about Windows functional and diagnostic data through these ar
 
 
 
-
 ## Appraiser events
 
 ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@@ -4370,14 +4369,6 @@ The following fields are available:
 
 ## Other events
 
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
 
 
 ## Privacy consent logging events
@@ -5473,6 +5464,17 @@ The following fields are available:
 - **UpdateId**  The update ID for a specific piece of content.
 - **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
 
+## Surface events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **pszBatteryDataXml**  Battery performance data.
+- **szBatteryInfo**  Battery performance data.
+
 
 ## Update Assistant events
 
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index e45351e107..e170e13dbe 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 09/08/2021
+ms.date:
 ms.reviewer:
 ---
 
@@ -24,7 +24,6 @@ ms.reviewer:
 
 - Windows 10, version 1809
 
-
 The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
 
 The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
@@ -34,7 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -5790,36 +5789,6 @@ The following fields are available:
 - **totalRunDuration**  Total running/evaluation time from last time.
 - **totalRuns**  Total number of running/evaluation from last time.
 
-
-## Other events
-
-### Microsoft.ServerManagementExperience.Gateway.Service.ManagedNodeProperties
-
-This is a periodic rundown event that contains more detailed information about the nodes added to this Windows Admin Center gateway for management.
-
-The following fields are available:
-
-- **nodeId**  The nodeTypeId concatenated with the hostname or IP address that gateway uses to connect to this node.
-- **nodeOperatingSystem**  A user friendly description of the node's OS version.
-- **nodeOSVersion**  A major or minor build version string for the node's OS.
-- **nodeTypeId**  A string that distinguishes between a connection target, whether it is a client, server, cluster or a hyper-converged cluster.
-- **otherProperties**  Contains a JSON object with variable content and may contain: "nodes": a list of host names or IP addresses of the servers belonging to a cluster, "aliases": the alias if it is set for this connection, "lastUpdatedTime": the number of milliseconds since Unix epoch when this connection was last updated, "ncUri", "caption", "version", "productType", "networkName", "operatingSystem", "computerManufacturer", "computerModel", "isS2dEnabled". This JSON object is formatted as an quotes-escaped string.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **batteryData.data()**  Battery performance data.
-- **BatteryDataSize:**  Size of the battery performance data.
-- **batteryInfo.data()**  Battery performance data.
-- **BatteryInfoSize:**  Size of the battery performance data.
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
-
-
 ## Privacy consent logging events
 
 ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -7029,6 +6998,22 @@ The following fields are available:
 - **UpdateId**  The update ID for a specific piece of content.
 - **ValidityWindowInDays**  The validity window that's in effect when verifying the timestamp.
 
+## Surface events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData.data()**  Battery performance data.
+- **BatteryDataSize:**  Size of the battery performance data.
+- **batteryInfo.data()**  Battery performance data.
+- **BatteryInfoSize:**  Size of the battery performance data.
+- **pszBatteryDataXml**  Battery performance data.
+- **szBatteryInfo**  Battery performance data.
+
+
 
 ## System Resource Usage Monitor events
 
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
index d9cf6ceee1..7cd176eb53 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 09/08/2021
+ms.date:
 ---
 
 
@@ -39,7 +39,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 - [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -277,6 +277,8 @@ The following fields are available:
 - **DatasourceApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H2**  The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -290,6 +292,8 @@ The following fields are available:
 - **DatasourceDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_21H2**  The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -306,6 +310,8 @@ The following fields are available:
 - **DatasourceDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H2**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -322,6 +328,8 @@ The following fields are available:
 - **DataSourceMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -335,6 +343,8 @@ The following fields are available:
 - **DataSourceMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -348,6 +358,8 @@ The following fields are available:
 - **DataSourceMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -362,6 +374,8 @@ The following fields are available:
 - **DatasourceSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H2**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -378,6 +392,8 @@ The following fields are available:
 - **DecisionApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H2**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -391,6 +407,8 @@ The following fields are available:
 - **DecisionDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H2**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -407,6 +425,8 @@ The following fields are available:
 - **DecisionDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H2**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -423,6 +443,8 @@ The following fields are available:
 - **DecisionMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -436,6 +458,8 @@ The following fields are available:
 - **DecisionMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -449,6 +473,8 @@ The following fields are available:
 - **DecisionMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -462,6 +488,8 @@ The following fields are available:
 - **DecisionMediaCenter_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H2**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS2**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
@@ -469,17 +497,19 @@ The following fields are available:
 - **DecisionMediaCenter_RS5**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_TH1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_TH2**  The total number of objects of this type present on this device.
-- **DecisionSModeState_19H1** The total number of objects of this type present on this device.
+- **DecisionSModeState_19H1**  The total number of objects of this type present on this device.
 - **DecisionSModeState_20H1**  The total number of objects of this type present on this device.
 - **DecisionSModeState_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSModeState_21H1**  The total number of objects of this type present on this device.
-- **DecisionSModeState_RS1** The total number of objects of this type present on this device.
-- **DecisionSModeState_RS2** The total number of objects of this type present on this device.
-- **DecisionSModeState_RS3** The total number of objects of this type present on this device.
-- **DecisionSModeState_RS4** The total number of objects of this type present on this device.
-- **DecisionSModeState_RS5** The total number of objects of this type present on this device.
-- **DecisionSModeState_TH1** The total number of objects of this type present on this device.
-- **DecisionSModeState_TH2** The total number of objects of this type present on this device.
+- **DecisionSModeState_21H2**  The total number of objects of this type present on this device.
+- **DecisionSModeState_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSModeState_RS1**  The total number of objects of this type present on this device.
+- **DecisionSModeState_RS2**  The total number of objects of this type present on this device.
+- **DecisionSModeState_RS3**  The total number of objects of this type present on this device.
+- **DecisionSModeState_RS4**  The total number of objects of this type present on this device.
+- **DecisionSModeState_RS5**  The total number of objects of this type present on this device.
+- **DecisionSModeState_TH1**  The total number of objects of this type present on this device.
+- **DecisionSModeState_TH2**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19ASetup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_19H1Setup**  The total number of objects of this type present on this device.
@@ -487,6 +517,8 @@ The following fields are available:
 - **DecisionSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -497,67 +529,79 @@ The following fields are available:
 - **DecisionSystemBios_RS5Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_TH1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_TH2**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS4** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_RS5** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_TH1** The total number of objects of this type present on this device.
-- **DecisionSystemDiskSize_TH2** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS1**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS2**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS3**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS4**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH1**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_TH2**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS4** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_RS5** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_TH1** The total number of objects of this type present on this device.
-- **DecisionSystemMemory_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS1**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS2**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS3**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS4**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH1**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_TH2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessor_RS2**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS4** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_RS5** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_TH1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuCores_TH2** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS3**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS4**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_TH2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS4** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_RS5** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_TH1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuModel_TH2** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_19H1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS3**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS4**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_TH2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_19H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_20H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_21H1**  The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS4** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_RS5** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_TH1** The total number of objects of this type present on this device.
-- **DecisionSystemProcessorCpuSpeed_TH2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS3**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS4**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_RS5**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH1**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_TH2**  The total number of objects of this type present on this device.
 - **DecisionTest_19H1**  The total number of objects of this type present on this device.
 - **DecisionTest_20H1**  The total number of objects of this type present on this device.
 - **DecisionTest_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionTest_21H2**  The total number of objects of this type present on this device.
+- **DecisionTest_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_RS1**  The total number of objects of this type present on this device.
 - **DecisionTest_RS2**  The total number of objects of this type present on this device.
 - **DecisionTest_RS3**  The total number of objects of this type present on this device.
@@ -565,28 +609,32 @@ The following fields are available:
 - **DecisionTest_RS5**  The total number of objects of this type present on this device.
 - **DecisionTest_TH1**  The total number of objects of this type present on this device.
 - **DecisionTest_TH2**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_19H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_19H1**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_20H1**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_21H1**  The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS2** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS3** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS4** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_RS5** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_TH1** The total number of objects of this type present on this device.
-- **DecisionTpmVersion_TH2** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_19H1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H2**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS1**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS2**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS3**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS4**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS5**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH1**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_TH2**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_19H1**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_20H1**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_21H1**  The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS2** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS3** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS4** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_RS5** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_TH1** The total number of objects of this type present on this device.
-- **DecisionUefiSecureBoot_TH2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H2**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H2Setup**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS1**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS2**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS3**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS4**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS5**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH1**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_TH2**  The total number of objects of this type present on this device.
 - **InventoryApplicationFile**  The total number of objects of this type present on this device.
 - **InventoryDeviceContainer**  The total number of objects of this type present on this device.
 - **InventoryDevicePnp**  The total number of objects of this type present on this device.
@@ -616,6 +664,8 @@ The following fields are available:
 - **Wmdrm_20H1Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1Setup**  The total number of objects of this type present on this device.
+- **Wmdrm_21H2**  The total number of objects of this type present on this device.
+- **Wmdrm_21H2Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_RS1**  The total number of objects of this type present on this device.
 - **Wmdrm_RS2**  The total number of objects of this type present on this device.
 - **Wmdrm_RS3**  The total number of objects of this type present on this device.
@@ -4237,6 +4287,7 @@ The following fields are available:
 - **DriverInfSectionName**  Name of the DDInstall section within the driver INF file.
 - **DriverPackageId**  The ID of the driver package that is staged to the driver store.
 - **DriverProvider**  The driver manufacturer or provider.
+- **DriverShimIds**  List of driver shim IDs.
 - **DriverUpdated**  Indicates whether the driver is replacing an old driver.
 - **DriverVersion**  The version of the driver file.
 - **EndTime**  The time the installation completed.
@@ -4614,13 +4665,13 @@ The following fields are available:
 - **Generic**  A count of generic objects in cache.
 - **HwItem**  A count of hwitem objects in cache.
 - **InventoryAcpiPhatHealthRecord**  A count of ACPI PHAT health records in cache.
-- **InventoryAcpiPhatVersionElement**  A count of ACPI PHAT version elements in cache
+- **InventoryAcpiPhatVersionElement**  A count of ACPI PHAT version elements in cache.
 - **InventoryApplication**  A count of application objects in cache.
 - **InventoryApplicationAppV**  A count of application AppV objects in cache.
-- **InventoryApplicationDriver**  A count of application driver objects in cache
+- **InventoryApplicationDriver**  A count of application driver objects in cache.
 - **InventoryApplicationFile**  A count of application file objects in cache.
-- **InventoryApplicationFramework**  A count of application framework objects in cache
-- **InventoryApplicationShortcut**  A count of application shortcut objects in cache
+- **InventoryApplicationFramework**  A count of application framework objects in cache.
+- **InventoryApplicationShortcut**  A count of application shortcut objects in cache.
 - **InventoryDeviceContainer**  A count of device container objects in cache.
 - **InventoryDeviceInterface**  A count of Plug and Play device interface objects in cache.
 - **InventoryDeviceMediaClass**  A count of device media objects in cache.
@@ -4631,14 +4682,14 @@ The following fields are available:
 - **InventoryDriverPackage**  A count of device objects in cache.
 - **InventoryMiscellaneousOfficeAddIn**  A count of office add-in objects in cache
 - **InventoryMiscellaneousOfficeAddInUsage**  A count of office add-in usage objects in cache.
-- **InventoryMiscellaneousOfficeIdentifiers**  A count of office identifier objects in cache
-- **InventoryMiscellaneousOfficeIESettings**  A count of office ie settings objects in cache
-- **InventoryMiscellaneousOfficeInsights**  A count of office insights objects in cache
-- **InventoryMiscellaneousOfficeProducts**  A count of office products objects in cache
-- **InventoryMiscellaneousOfficeSettings**  A count of office settings objects in cache
-- **InventoryMiscellaneousOfficeVBA**  A count of office vba objects in cache
-- **InventoryMiscellaneousOfficeVBARuleViolations**  A count of office vba rule violations objects in cache
-- **InventoryMiscellaneousUUPInfo**  A count of uup info objects in cache
+- **InventoryMiscellaneousOfficeIdentifiers**  A count of office identifier objects in cache.
+- **InventoryMiscellaneousOfficeIESettings**  A count of office ie settings objects in cache.
+- **InventoryMiscellaneousOfficeInsights**  A count of office insights objects in cache.
+- **InventoryMiscellaneousOfficeProducts**  A count of office products objects in cache.
+- **InventoryMiscellaneousOfficeSettings**  A count of office settings objects in cache.
+- **InventoryMiscellaneousOfficeVBA**  A count of office vba objects in cache.
+- **InventoryMiscellaneousOfficeVBARuleViolations**  A count of office vba rule violations objects in cache.
+- **InventoryMiscellaneousUUPInfo**  A count of uup info objects in cache.
 - **InventoryVersion**  The version of the inventory binary generating the events.
 - **Metadata**  A count of metadata objects in cache.
 - **Orphan**  A count of orphan file objects in cache.
@@ -5896,27 +5947,6 @@ The following fields are available:
 - **ModelName**  Windows Mixed Reality device model name.
 - **SerialNumber**  Windows Mixed Reality device serial number.
 
-
-## OneDrive events
-
-### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
-
-This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **CurrentOneDriveVersion**  The current version of OneDrive.
-- **CurrentOSBuildBranch**  The current branch of the operating system.
-- **CurrentOSBuildNumber**  The current build number of the operating system.
-- **CurrentOSVersion**  The current version of the operating system.
-- **HResult**  The HResult of the operation.
-- **SourceOSBuildBranch**  The source branch of the operating system.
-- **SourceOSBuildNumber**  The source build number of the operating system.
-- **SourceOSVersion**  The source version of the operating system.
-
-
-## Other events
-
 ### Microsoft.ML.ONNXRuntime.ProcessInfo
 
 This event collects information when an application loads ONNXRuntime.dll. The data collected with this event is used to keep Windows product and service performing properly.
@@ -5941,21 +5971,52 @@ The following fields are available:
 - **totalRunDuration**  Total running/evaluation time from last time.
 - **totalRuns**  Total number of running/evaluation from last time.
 
+## OneDrive events
 
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
 
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+This event is related to the OS version when the OS is upgraded with OneDrive installed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
 
 The following fields are available:
 
-- **batteryData**  Hardware level data about battery performance.
-- **batteryData.data()**  Battery performance data.
-- **BatteryDataSize:**  Size of the battery performance data.
-- **batteryInfo.data()**  Battery performance data.
-- **BatteryInfoSize:**  Battery performance data.
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
+- **CurrentOneDriveVersion**  The current version of OneDrive.
+- **CurrentOSBuildBranch**  The current branch of the operating system.
+- **CurrentOSBuildNumber**  The current build number of the operating system.
+- **CurrentOSVersion**  The current version of the operating system.
+- **HResult**  The HResult of the operation.
+- **SourceOSBuildBranch**  The source branch of the operating system.
+- **SourceOSBuildNumber**  The source build number of the operating system.
+- **SourceOSVersion**  The source version of the operating system.
 
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **presentationVersion**  Which display version of the privacy consent experience the user completed
+- **privacyConsentState**  The current state of the privacy consent experience
+- **settingsVersion**  Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason**  The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **isAdmin**  whether the person who is logging in is an admin
+- **isExistingUser**  whether the account existed in a downlevel OS
+- **isLaunching**  Whether or not the privacy consent experience will be launched
+- **isSilentElevation**  whether the user has most restrictive UAC controls
+- **privacyConsentState**  whether the user has completed privacy experience
+- **userRegionCode**  The current user's region setting
+
+
+## Update Assistant events
 
 ### Microsoft.Windows.UpdateHealthTools.ExpediteBlocked
 
@@ -6336,37 +6397,6 @@ The following fields are available:
 - **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
 - **PackageVersion**  Current package version of remediation.
 
-
-## Privacy consent logging events
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
-
-This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **presentationVersion**  Which display version of the privacy consent experience the user completed
-- **privacyConsentState**  The current state of the privacy consent experience
-- **settingsVersion**  Which setting version of the privacy consent experience the user completed
-- **userOobeExitReason**  The exit reason of the privacy consent experience
-
-
-### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
-
-This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **isAdmin**  whether the person who is logging in is an admin
-- **isExistingUser**  whether the account existed in a downlevel OS
-- **isLaunching**  Whether or not the privacy consent experience will be launched
-- **isSilentElevation**  whether the user has most restrictive UAC controls
-- **privacyConsentState**  whether the user has completed privacy experience
-- **userRegionCode**  The current user's region setting
-
-
-## Quality Update Assistant events
-
 ### Microsoft.Windows.QualityUpdateAssistant.Applicability
 
 This event sends basic info on whether the device should be updated to the latest cumulative update. The data collected with this event is used to help keep Windows up to date and secure.
@@ -7037,6 +7067,19 @@ The following fields are available:
 - **healthLogSize**  4KB.
 - **productId**  Identifier for product model.
 
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData**  Hardware level data about battery performance.
+- **batteryData.data()**  Battery performance data.
+- **BatteryDataSize:**  Size of the battery performance data.
+- **batteryInfo.data()**  Battery performance data.
+- **BatteryInfoSize:**  Battery performance data.
+- **pszBatteryDataXml**  Battery performance data.
+- **szBatteryInfo**  Battery performance data.
 
 ## System reset events
 
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 99c3bb9e74..c4cac4808b 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -261,11 +261,15 @@ The Windows diagnostic data processor configuration enables you to be the contro
 
 ### Prerequisites
 
-- The device must be any of the following releases of Windows:
-  - Windows 11 Enterprise, Professional, or Education edition
-  - Windows 10 Enterprise, Education, or Professional edition, version 1809 with July 2021 update or later.
+- Use a supported version of Windows 10 or Windows 11
+- The following editions are supported: 
+  - Enterprise
+  - Professional
+  - Education
 - The device must be joined to Azure Active Directory.
 
+For the best experience, use the most current build of any operating system specified above. Configuration functionality and availability may vary on older systems. See [Lifecycle Policy](/lifecycle/products/windows-10-enterprise-and-education)
+
 The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
 
 - v10c.events.data.microsoft.com
diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md
new file mode 100644
index 0000000000..c6578dcc77
--- /dev/null
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@@ -0,0 +1,157 @@
+---
+title: Connection endpoints for Windows 10 Enterprise, version 21H2
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2.
+keywords: privacy, manage connections to Microsoft, Windows 10
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: gental-giant
+ms.author: v-hakima
+manager: robsize
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 10/04/2021
+---
+
+# Manage connection endpoints for Windows 10 Enterprise, version 21H2
+
+**Applies to**
+
+- Windows 10 Enterprise, version 21H2
+
+Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
+
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
+
+Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+
+The following methodology was used to derive these network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 21H2 Enterprise connection endpoints
+
+|Area|Description|Protocol|Destination|
+|----------------|----------|----------|------------|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to turn off traffic to this endpoint, but it is not recommended because as root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
+|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
+|||TLSv1.2|I-ring.msedge.net|
+|||HTTPS|s-ring.msedge.net|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
+|||HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. 
                    If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
+|||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
+|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
+|||HTTPS|fs.microsoft.com|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
+|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+||This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
+||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
+|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTP|go.microsoft.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
+||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
+||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+|||HTTPS|pti.store.microsoft.com|
+|||HTTP|share.microsoft.com|
+||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|www.office.com|
+|||HTTPS|blobs.officehome.msocdn.com|
+|||HTTPS|officehomeblobs.blob.core.windows.net|
+|||HTTPS|self.events.data.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+|||TLSv1.2/HTTPS/HTTP|g.live.com|
+|||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
+|||HTTPS| logincdn.msauth.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
+|||HTTPS|settings.data.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
+|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+|||HTTPS/TLSv1.2|wdcp.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com|
+|||HTTPS/HTTP|checkappexec.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
+|||HTTPS|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||HTTP|emdl.ws.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+|||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+|||HTTPS|dlassets-ssl.xboxlive.com|
+
+
+## Other Windows 10 editions
+
+To view endpoints for other versions of Windows 10 Enterprise, see:
+
+- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+
+- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+
+## Related links
+
+- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
+- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
\ No newline at end of file
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
index 246577e395..728704a57e 100644
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -36,7 +36,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 
 You can learn more about Windows functional and diagnostic data through these articles:
 
-- [Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
 - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
 - [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
 - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index 535d41535f..5c6f22d52c 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -1,6 +1,6 @@
 ---
 description: Use this article to learn more about what required Windows diagnostic data is gathered.
-title: Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
+title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
 keywords: privacy, telemetry
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -13,11 +13,11 @@ manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
 audience: ITPro
-ms.date: 10/04/2021
+ms.date: 
 ---
 
 
-# Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields
+# Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields
 
 
 > [!IMPORTANT]  
@@ -26,10 +26,12 @@ ms.date: 10/04/2021
 
  **Applies to**
 
+- Windows 10, version 21H2
 - Windows 10, version 21H1
 - Windows 10, version 20H2
 - Windows 10, version 2004
 
+
 Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
 
 Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
@@ -63,6 +65,8 @@ The following fields are available:
 - **DatasourceApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H2**  The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DatasourceApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -76,6 +80,8 @@ The following fields are available:
 - **DatasourceDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_21H2**  The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -91,6 +97,8 @@ The following fields are available:
 - **DatasourceDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H2**  The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DatasourceDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -106,6 +114,8 @@ The following fields are available:
 - **DataSourceMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -119,6 +129,8 @@ The following fields are available:
 - **DataSourceMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -132,6 +144,8 @@ The following fields are available:
 - **DataSourceMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DataSourceMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -145,6 +159,8 @@ The following fields are available:
 - **DatasourceSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_21H1Setup**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H2**  The total number of objects of this type present on this device.
+- **DatasourceSystemBios_21H2Setup**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DatasourceSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -160,6 +176,8 @@ The following fields are available:
 - **DecisionApplicationFile_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H2**  The total number of objects of this type present on this device.
+- **DecisionApplicationFile_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS1**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS2**  The total number of objects of this type present on this device.
 - **DecisionApplicationFile_RS3**  The total number of objects of this type present on this device.
@@ -173,6 +191,8 @@ The following fields are available:
 - **DecisionDevicePnp_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H2**  The total number of objects of this type present on this device.
+- **DecisionDevicePnp_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS1**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS2**  The total number of objects of this type present on this device.
 - **DecisionDevicePnp_RS3**  The total number of objects of this type present on this device.
@@ -188,6 +208,8 @@ The following fields are available:
 - **DecisionDriverPackage_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H2**  The total number of objects of this type present on this device.
+- **DecisionDriverPackage_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS1**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS2**  The total number of objects of this type present on this device.
 - **DecisionDriverPackage_RS3**  The total number of objects of this type present on this device.
@@ -203,6 +225,8 @@ The following fields are available:
 - **DecisionMatchingInfoBlock_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoBlock_RS3**  The total number of objects of this type present on this device.
@@ -216,6 +240,8 @@ The following fields are available:
 - **DecisionMatchingInfoPassive_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPassive_RS3**  The total number of objects of this type present on this device.
@@ -229,6 +255,8 @@ The following fields are available:
 - **DecisionMatchingInfoPostUpgrade_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H2**  The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS1**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS2**  The total number of objects of this type present on this device.
 - **DecisionMatchingInfoPostUpgrade_RS3**  The total number of objects of this type present on this device.
@@ -242,6 +270,8 @@ The following fields are available:
 - **DecisionMediaCenter_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H2**  The total number of objects of this type present on this device.
+- **DecisionMediaCenter_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS1**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS2**  The total number of objects of this type present on this device.
 - **DecisionMediaCenter_RS3**  The total number of objects of this type present on this device.
@@ -254,6 +284,8 @@ The following fields are available:
 - **DecisionSModeState_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSModeState_21H1**  The total number of objects of this type present on this device.
 - **DecisionSModeState_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSModeState_21H2**  The total number of objects of this type present on this device.
+- **DecisionSModeState_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSModeState_RS1**  The total number of objects of this type present on this device.
 - **DecisionSModeState_RS2**  The total number of objects of this type present on this device.
 - **DecisionSModeState_RS3**  The total number of objects of this type present on this device.
@@ -267,6 +299,8 @@ The following fields are available:
 - **DecisionSystemBios_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemBios_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemBios_RS3**  The total number of objects of this type present on this device.
@@ -281,6 +315,8 @@ The following fields are available:
 - **DecisionSystemDiskSize_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemDiskSize_RS3**  The total number of objects of this type present on this device.
@@ -293,6 +329,8 @@ The following fields are available:
 - **DecisionSystemMemory_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemMemory_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemMemory_RS3**  The total number of objects of this type present on this device.
@@ -305,6 +343,8 @@ The following fields are available:
 - **DecisionSystemProcessorCpuCores_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuCores_RS3**  The total number of objects of this type present on this device.
@@ -317,6 +357,7 @@ The following fields are available:
 - **DecisionSystemProcessorCpuModel_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuModel_RS3**  The total number of objects of this type present on this device.
@@ -329,6 +370,8 @@ The following fields are available:
 - **DecisionSystemProcessorCpuSpeed_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_21H1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H2**  The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_RS1**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_RS2**  The total number of objects of this type present on this device.
 - **DecisionSystemProcessorCpuSpeed_RS3**  The total number of objects of this type present on this device.
@@ -341,6 +384,8 @@ The following fields are available:
 - **DecisionTest_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1**  The total number of objects of this type present on this device.
 - **DecisionTest_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionTest_21H2**  The total number of objects of this type present on this device.
+- **DecisionTest_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionTest_RS1**  The total number of objects of this type present on this device.
 - **DecisionTest_RS2**  The total number of objects of this type present on this device.
 - **DecisionTest_RS3**  The total number of objects of this type present on this device.
@@ -353,6 +398,8 @@ The following fields are available:
 - **DecisionTpmVersion_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_21H1**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H2**  The total number of objects of this type present on this device.
+- **DecisionTpmVersion_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_RS1**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_RS2**  The total number of objects of this type present on this device.
 - **DecisionTpmVersion_RS3**  The total number of objects of this type present on this device.
@@ -365,6 +412,8 @@ The following fields are available:
 - **DecisionUefiSecureBoot_20H1Setup**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_21H1**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_21H1Setup**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H2**  The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_21H2Setup**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_RS1**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_RS2**  The total number of objects of this type present on this device.
 - **DecisionUefiSecureBoot_RS3**  The total number of objects of this type present on this device.
@@ -395,6 +444,8 @@ The following fields are available:
 - **Wmdrm_20H1Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1**  The total number of objects of this type present on this device.
 - **Wmdrm_21H1Setup**  The total number of objects of this type present on this device.
+- **Wmdrm_21H2**  The total number of objects of this type present on this device.
+- **Wmdrm_21H2Setup**  The total number of objects of this type present on this device.
 - **Wmdrm_RS1**  The total number of objects of this type present on this device.
 - **Wmdrm_RS2**  The total number of objects of this type present on this device.
 - **Wmdrm_RS3**  The total number of objects of this type present on this device.
@@ -2446,6 +2497,7 @@ The following fields are available:
 - **objectType**  Indicates the object type that the event applies to.
 - **syncId**  A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
 
+
 ## Component-based servicing events
 
 ### CbsServicingProvider.CbsCapabilityEnumeration
@@ -2978,6 +3030,7 @@ The following fields are available:
 - **DriverInfSectionName**  Name of the DDInstall section within the driver INF file.
 - **DriverPackageId**  The ID of the driver package that is staged to the driver store.
 - **DriverProvider**  The driver manufacturer or provider.
+- **DriverShimIds**  List of driver shim IDs.
 - **DriverUpdated**  Indicates whether the driver is replacing an old driver.
 - **DriverVersion**  The version of the driver file.
 - **EndTime**  The time the installation completed.
@@ -4375,7 +4428,7 @@ The following fields are available:
 - **device_sample_rate**  A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set.
 - **Etag**  Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
 - **EventInfo.Level**  The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy.  See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode**  A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
 - **install_date**  The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
 - **installSource**  An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
 - **installSourceName**  A string representation of the installation source.
@@ -4618,195 +4671,16 @@ The following fields are available:
 - **totalRunDuration**  Total running/evaluation time from last time.
 - **totalRuns**  Total number of running/evaluation from last time.
 
+## Settings events
 
-## Other events
+### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.ProtocolActivation
 
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+This event tracks protocol launching for Setting's URIs. The data collected with this event is used to help keep Windows up to date.
 
 The following fields are available:
 
-- **batteryData**  Battery Performance data.
-- **batteryData.data()**  Battery performance data.
-- **BatteryDataSize:**  Size of the battery performance data.
-- **batteryInfo.data()**  Battery performance data.
-- **BatteryInfoSize:**  Size of the battery performance data.
-- **pszBatteryDataXml**  Battery performance data.
-- **szBatteryInfo**  Battery performance data.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
-
-This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **BPMCurrentlyEngaged**  Instantaneous snapshot if BPM is engaged on device.
-- **BPMExitCriteria**  What is the BPM exit criteria - 20%SOC or 50%SOC?
-- **BPMHvtCountA**  Current HVT count for BPM counter A.
-- **BPMHvtCountB**  Current HVT count for BPM counter B.
-- **bpmOptOutLifetimeCount**  BPM OptOut Lifetime Count.
-- **BPMRsocBucketsHighTemp_Values**  Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsLowTemp_Values**  Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsMediumHighTemp_Values**  Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMRsocBucketsMediumLowTemp_Values**  Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
-- **BPMTotalEngagedMinutes**  Total time that BPM was engaged.
-- **BPMTotalEntryEvents**  Total number of times entering BPM.
-- **ComponentId**  Component ID.
-- **FwVersion**  FW version that created this log.
-- **LogClass**  Log Class.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  Log MGR version.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **ProductId**  Product ID.
-- **SeqNum**  Sequence Number.
-- **TimeStamp**  UTC seconds when log was created.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
-
-This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **cbTimeCell_Values**  cb time for different cells.
-- **ComponentId**  Component ID.
-- **cycleCount**  Cycle Count.
-- **deltaVoltage**  Delta voltage.
-- **eocChargeVoltage_Values**  EOC Charge voltage values.
-- **fullChargeCapacity**  Full Charge Capacity.
-- **FwVersion**  FW version that created this log.
-- **lastCovEvent**  Last Cov event.
-- **lastCuvEvent**  Last Cuv event.
-- **LogClass**  LOG_CLASS.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  LOG_MGR_VERSION.
-- **manufacturerName**  Manufacturer name.
-- **maxChargeCurrent**  Max charge current.
-- **maxDeltaCellVoltage**  Max delta cell voltage.
-- **maxDischargeCurrent**  Max discharge current.
-- **maxTempCell**  Max temp cell.
-- **maxVoltage_Values**  Max voltage values.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **minTempCell**  Min temp cell.
-- **minVoltage_Values**  Min voltage values.
-- **numberOfCovEvents**  Number of Cov events.
-- **numberOfCuvEvents**  Number of Cuv events.
-- **numberOfOCD1Events**  Number of OCD1 events.
-- **numberOfOCD2Events**  Number of OCD2 events.
-- **numberOfQmaxUpdates**  Number of Qmax updates.
-- **numberOfRaUpdates**  Number of Ra updates.
-- **numberOfShutdowns**  Number of shutdowns.
-- **pfStatus_Values**  pf status values.
-- **ProductId**  Product ID.
-- **qmax_Values**  Qmax values for different cells.
-- **SeqNum**  Sequence Number.
-- **TimeStamp**  UTC seconds when log was created.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
-
-This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **avgCurrLastRun**  Average current last run.
-- **avgPowLastRun**  Average power last run.
-- **batteryMSPN**  BatteryMSPN
-- **batteryMSSN**  BatteryMSSN.
-- **cell0Ra3**  Cell0Ra3.
-- **cell1Ra3**  Cell1Ra3.
-- **cell2Ra3**  Cell2Ra3.
-- **cell3Ra3**  Cell3Ra3.
-- **ComponentId**  Component ID.
-- **currentAtEoc**  Current at Eoc.
-- **firstPFstatusA**  First PF status-A.
-- **firstPFstatusB**  First PF status-B.
-- **firstPFstatusC**  First PF status-C.
-- **firstPFstatusD**  First PF status-D.
-- **FwVersion**  FW version that created this log.
-- **lastQmaxUpdate**  Last Qmax update.
-- **lastRaDisable**  Last Ra disable.
-- **lastRaUpdate**  Last Ra update.
-- **lastValidChargeTerm**  Last valid charge term.
-- **LogClass**  LOG CLASS.
-- **LogInstance**  Log instance within class (1..n).
-- **LogVersion**  LOG MGR VERSION.
-- **maxAvgCurrLastRun**  Max average current last run.
-- **maxAvgPowLastRun**  Max average power last run.
-- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
-- **mfgInfoBlockB01**  MFG info Block B01.
-- **mfgInfoBlockB02**  MFG info Block B02.
-- **mfgInfoBlockB03**  MFG info Block B03.
-- **mfgInfoBlockB04**  MFG info Block B04.
-- **numOfRaDisable**  Number of Ra disable.
-- **numOfValidChargeTerm**  Number of valid charge term.
-- **ProductId**  Product ID.
-- **qmaxCycleCount**  Qmax cycle count.
-- **SeqNum**  Sequence Number.
-- **stateOfHealthEnergy**  State of health energy.
-- **stateOfHealthFcc**  State of health Fcc.
-- **stateOfHealthPercent**  State of health percent.
-- **TimeStamp**  UTC seconds when log was created.
-- **totalFwRuntime**  Total FW runtime.
-- **updateStatus**  Update status.
-- **Ver**  Schema version.
-
-
-### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
-
-This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **HostResetCause**  Host reset cause.
-- **PchResetCause**  PCH reset cause.
-- **SamResetCause**  SAM reset cause.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
-
-This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantAppFilePath**  Path to Update Assistant app.
-- **UpdateAssistantDeviceId**  Device Id of the Update Assistant Candidate Device.
-- **UpdateAssistantExeName**  Exe name running as Update Assistant.
-- **UpdateAssistantExternalId**  External Id of the Update Assistant Candidate Device.
-- **UpdateAssistantIsDeviceCloverTrail**  True/False is the device clovertrail.
-- **UpdateAssistantIsPushing**  True if the update is pushing to the device.
-- **UpdateAssistantMachineId**  Machine Id of the Update Assistant Candidate Device.
-- **UpdateAssistantOsVersion**  Update Assistant OS Version.
-- **UpdateAssistantPartnerId**  Partner Id for Assistant application.
-- **UpdateAssistantReportPath**  Path to report for Update Assistant.
-- **UpdateAssistantStartTime**  Start time for UpdateAssistant.
-- **UpdateAssistantUiType**  The type of UI whether default or OOBE.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
-- **UpdateAssistantVersionInfo**  Information about Update Assistant application.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
-
-This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV**  The correlation vector.
-- **GlobalEventCounter**  The global event counter for all telemetry on the device.
-- **UpdateAssistantStateAcceptEULA**  True at the start of AcceptEULA.
-- **UpdateAssistantStateCheckingCompat**  True at the start of Checking Compat
-- **UpdateAssistantStateCheckingUpgrade**  True at the start of CheckingUpgrade.
-- **UpdateAssistantStateDownloading**  True at the start Downloading.
-- **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
-- **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
-- **UpdateAssistantStateInstalling**  True at the start of Installing.
-- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
+- **activationSource**  Where activation is initiated.
+- **uriString**  URI of the launching protocol.
 
 
 ## Privacy consent logging events
@@ -5411,6 +5285,182 @@ The following fields are available:
 - **healthLogSize**  4KB.
 - **productId**  Identifier for product model.
 
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData**  Battery Performance data.
+- **batteryData.data()**  Battery performance data.
+- **BatteryDataSize:**  Size of the battery performance data.
+- **batteryInfo.data()**  Battery performance data.
+- **BatteryInfoSize:**  Size of the battery performance data.
+- **pszBatteryDataXml**  Battery performance data.
+- **szBatteryInfo**  Battery performance data.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMCurrentlyEngaged**  Instantaneous snapshot if BPM is engaged on device.
+- **BPMExitCriteria**  What is the BPM exit criteria - 20%SOC or 50%SOC?
+- **BPMHvtCountA**  Current HVT count for BPM counter A.
+- **BPMHvtCountB**  Current HVT count for BPM counter B.
+- **bpmOptOutLifetimeCount**  BPM OptOut Lifetime Count.
+- **BPMRsocBucketsHighTemp_Values**  Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsLowTemp_Values**  Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumHighTemp_Values**  Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumLowTemp_Values**  Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMTotalEngagedMinutes**  Total time that BPM was engaged.
+- **BPMTotalEntryEvents**  Total number of times entering BPM.
+- **ComponentId**  Component ID.
+- **FwVersion**  FW version that created this log.
+- **LogClass**  Log Class.
+- **LogInstance**  Log instance within class (1..n).
+- **LogVersion**  Log MGR version.
+- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
+- **ProductId**  Product ID.
+- **SeqNum**  Sequence Number.
+- **TimeStamp**  UTC seconds when log was created.
+- **Ver**  Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMKioskModeStartDateInSeconds**  First time Battery Limit was turned on.
+- **BPMKioskModeTotalEngagedMinutes**  Total time Battery Limit was on (SOC value at 50%).
+- **ComponentId**  Component ID.
+- **CTTEqvTimeat35C**  Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC.
+- **CTTEqvTimeat35CinBPM**  Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up.
+- **CTTMinSOC1day**  Rolling 1 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC28day**  Rolling 28 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC3day**  Rolling 3 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC7day**  Rolling 7 day minimum SOC. Value set to 0 initially.
+- **CTTStartDateInSeconds**  Start date from when device was starting to be used.
+- **currentAuthenticationState**  Current Authentication State.
+- **FwVersion**  FW version that created this log.
+- **LogClass**  Log Class.
+- **LogInstance**  Log instance within class (1..n).
+- **LogVersion**  Log MGR version.
+- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
+- **newSnFruUpdateCount**  New Sn FRU Update Count.
+- **newSnUpdateCount**  New Sn Update Count.
+- **ProductId**  Product ID.
+- **ProtectionPolicy**  Battery limit engaged. True (0 False).
+- **SeqNum**  Sequence Number.
+- **TimeStamp**  UTC seconds when log was created.
+- **Ver**  Schema version.
+- **VoltageOptimization**  Current CTT reduction in mV.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **cbTimeCell_Values**  cb time for different cells.
+- **ComponentId**  Component ID.
+- **cycleCount**  Cycle Count.
+- **deltaVoltage**  Delta voltage.
+- **eocChargeVoltage_Values**  EOC Charge voltage values.
+- **fullChargeCapacity**  Full Charge Capacity.
+- **FwVersion**  FW version that created this log.
+- **lastCovEvent**  Last Cov event.
+- **lastCuvEvent**  Last Cuv event.
+- **LogClass**  LOG_CLASS.
+- **LogInstance**  Log instance within class (1..n).
+- **LogVersion**  LOG_MGR_VERSION.
+- **manufacturerName**  Manufacturer name.
+- **maxChargeCurrent**  Max charge current.
+- **maxDeltaCellVoltage**  Max delta cell voltage.
+- **maxDischargeCurrent**  Max discharge current.
+- **maxTempCell**  Max temp cell.
+- **maxVoltage_Values**  Max voltage values.
+- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
+- **minTempCell**  Min temp cell.
+- **minVoltage_Values**  Min voltage values.
+- **numberOfCovEvents**  Number of Cov events.
+- **numberOfCuvEvents**  Number of Cuv events.
+- **numberOfOCD1Events**  Number of OCD1 events.
+- **numberOfOCD2Events**  Number of OCD2 events.
+- **numberOfQmaxUpdates**  Number of Qmax updates.
+- **numberOfRaUpdates**  Number of Ra updates.
+- **numberOfShutdowns**  Number of shutdowns.
+- **pfStatus_Values**  pf status values.
+- **ProductId**  Product ID.
+- **qmax_Values**  Qmax values for different cells.
+- **SeqNum**  Sequence Number.
+- **TimeStamp**  UTC seconds when log was created.
+- **Ver**  Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
+
+This event includes the hardware level data about battery performance. The data The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **avgCurrLastRun**  Average current last run.
+- **avgPowLastRun**  Average power last run.
+- **batteryMSPN**  BatteryMSPN
+- **batteryMSSN**  BatteryMSSN.
+- **cell0Ra3**  Cell0Ra3.
+- **cell1Ra3**  Cell1Ra3.
+- **cell2Ra3**  Cell2Ra3.
+- **cell3Ra3**  Cell3Ra3.
+- **ComponentId**  Component ID.
+- **currentAtEoc**  Current at Eoc.
+- **firstPFstatusA**  First PF status-A.
+- **firstPFstatusB**  First PF status-B.
+- **firstPFstatusC**  First PF status-C.
+- **firstPFstatusD**  First PF status-D.
+- **FwVersion**  FW version that created this log.
+- **lastQmaxUpdate**  Last Qmax update.
+- **lastRaDisable**  Last Ra disable.
+- **lastRaUpdate**  Last Ra update.
+- **lastValidChargeTerm**  Last valid charge term.
+- **LogClass**  LOG CLASS.
+- **LogInstance**  Log instance within class (1..n).
+- **LogVersion**  LOG MGR VERSION.
+- **maxAvgCurrLastRun**  Max average current last run.
+- **maxAvgPowLastRun**  Max average power last run.
+- **MCUInstance**  Instance id used to identify multiple MCU's in a product.
+- **mfgInfoBlockB01**  MFG info Block B01.
+- **mfgInfoBlockB02**  MFG info Block B02.
+- **mfgInfoBlockB03**  MFG info Block B03.
+- **mfgInfoBlockB04**  MFG info Block B04.
+- **numOfRaDisable**  Number of Ra disable.
+- **numOfValidChargeTerm**  Number of valid charge term.
+- **ProductId**  Product ID.
+- **qmaxCycleCount**  Qmax cycle count.
+- **SeqNum**  Sequence Number.
+- **stateOfHealthEnergy**  State of health energy.
+- **stateOfHealthFcc**  State of health Fcc.
+- **stateOfHealthPercent**  State of health percent.
+- **TimeStamp**  UTC seconds when log was created.
+- **totalFwRuntime**  Total FW runtime.
+- **updateStatus**  Update status.
+- **Ver**  Schema version.
+
+
+### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
+
+This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **HostResetCause**  Host reset cause.
+- **PchResetCause**  PCH reset cause.
+- **SamResetCause**  SAM reset cause.
 
 ## Update Assistant events
 
@@ -5888,6 +5938,90 @@ The following fields are available:
 - **GlobalEventCounter**  Client side counter which indicates ordering of events sent by this user.
 - **PackageVersion**  Current package version of remediation.
 
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
+
+This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV**  The correlation vector.
+- **GlobalEventCounter**  The global event counter for all telemetry on the device.
+- **UpdateAssistantCompatCheckResultOutput**  Output of compatibility check for update assistant.
+- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
+
+This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV**  The correlation vector.
+- **GlobalEventCounter**  The global event counter for all telemetry on the device.
+- **UpdateAssistantAppFilePath**  Path to Update Assistant app.
+- **UpdateAssistantDeviceId**  Device Id of the Update Assistant Candidate Device.
+- **UpdateAssistantExeName**  Exe name running as Update Assistant.
+- **UpdateAssistantExternalId**  External Id of the Update Assistant Candidate Device.
+- **UpdateAssistantIsDeviceCloverTrail**  True/False is the device clovertrail.
+- **UpdateAssistantIsPushing**  True if the update is pushing to the device.
+- **UpdateAssistantMachineId**  Machine Id of the Update Assistant Candidate Device.
+- **UpdateAssistantOsVersion**  Update Assistant OS Version.
+- **UpdateAssistantPartnerId**  Partner Id for Assistant application.
+- **UpdateAssistantReportPath**  Path to report for Update Assistant.
+- **UpdateAssistantStartTime**  Start time for UpdateAssistant.
+- **UpdateAssistantTargetOSVersion**  Update Assistant Target OS Version.
+- **UpdateAssistantUiType**  The type of UI whether default or OOBE.
+- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
+- **UpdateAssistantVersionInfo**  Information about Update Assistant application.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantEULAProperty
+
+This event is set to true at the start of AcceptEULA. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV**  The correlation vector.
+- **GlobalEventCounter**  The global event counter for all telemetry on the device.
+- **UpdateAssistantEULAPropertyGeoId**  Geo Id used to show EULA.
+- **UpdateAssistantEULAPropertyRegion**  Region used to show EULA.
+- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV**  The correlation vector.
+- **GlobalEventCounter**  The global event counter for all telemetry on the device.
+- **UpdateAssistantStateAcceptEULA**  True at the start of AcceptEULA.
+- **UpdateAssistantStateCheckingCompat**  True at the start of Checking Compat
+- **UpdateAssistantStateCheckingUpgrade**  True at the start of CheckingUpgrade.
+- **UpdateAssistantStateDownloading**  True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication**  True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates**  True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling**  True at the start of Installing.
+- **UpdateAssistantStatePerformRestart**  True at the start of PerformRestart.
+- **UpdateAssistantStatePostInstall**  True at the start of PostInstall.
+- **UpdateAssistantStateShowingUpdate**  True at the start of Showing Update.
+- **UpdateAssistantStateWelcomeToNewOS**  True at the start of WelcomeToNewOS.
+- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
+
+This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV**  The correlation vector.
+- **GlobalEventCounter**  The global event counter for all telemetry on the device.
+- **UpdateAssistantUserActionExitingState**  Exiting state name user performed action on.
+- **UpdateAssistantUserActionHResult**  HRESULT of user action.
+- **UpdateAssistantUserActionState**  State name user performed action on.
+- **UpdateAssistantVersion**  Current package version of UpdateAssistant.
 
 ## Update events
 
diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index 25fc676681..56331c2e27 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -17,7 +17,7 @@
       items: 
         - name: Required Windows 11 diagnostic data events and fields
           href: required-windows-11-diagnostic-events-and-fields.md
-        - name: Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic data events and fields
+        - name:  Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic data events and fields
           href: required-windows-diagnostic-data-events-and-fields-2004.md
         - name: Windows 10, version 1909 and Windows 10, version 1903 required level Windows diagnostic events and fields
           href: basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -47,6 +47,8 @@
           href: essential-services-and-connected-experiences.md
         - name: Connection endpoints for Windows 11
           href: manage-windows-11-endpoints.md
+        - name: Connection endpoints for Windows 10, version 21H2
+          href: manage-windows-21h2-endpoints.md
         - name: Connection endpoints for Windows 10, version 21H1
           href: manage-windows-21H1-endpoints.md
         - name: Connection endpoints for Windows 10, version 20H2
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index 11c346e2e5..711144eaff 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -19,6 +19,8 @@ ms.reviewer:
 
 Applies to:
 - Windows 11
+- Windows 10, version 21H2
+- Windows 10, version 21H1
 - Windows 10, version 20H2
 - Windows 10, version 2004
 - Windows 10, version 1909
@@ -253,7 +255,7 @@ This type of data includes details about the health of the device, operating sys
 - Data about the reliability of content that appears in the [Windows Spotlight](/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
 - Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening performance.
 - Timing data about how quickly the facial recognition feature starts up and finishes is used to improve facial recognition performance.
-- Data about when an Application Window fails to appear is used to investigate issues with Application Window reliability and performance.
+- Data about when an application window fails to appear is used to investigate issues with application window reliability and performance.
 
 **With (optional) Tailored experiences:**
                    
 If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 and Windows 11 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 and Windows 11 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 and Windows 11 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 and Windows 11 users.
diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md
index 11290388a1..d9e9c99503 100644
--- a/windows/security/identity-protection/access-control/service-accounts.md
+++ b/windows/security/identity-protection/access-control/service-accounts.md
@@ -12,7 +12,7 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/19/2017
+ms.date: 11/19/2021
 ms.reviewer: 
 ---
 
@@ -47,7 +47,7 @@ In addition to the enhanced security that is provided by having individual accou
 
 -   You can create a class of domain accounts that can be used to manage and maintain services on local computers.
 
--   Unlike domain accounts in which administrators must reset manually passwords, the network passwords for these accounts are automatically reset.
+-   Unlike domain accounts in which administrators must manually reset passwords, the network passwords for these accounts are automatically reset.
 
 -   You do not have to complete complex SPN management tasks to use managed service accounts.
 
@@ -115,4 +115,4 @@ The following table provides links to additional resources that are related to s
 |---------------|-------------|
 | **Product evaluation** | [What's New for Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831451(v=ws.11))
                    [Getting Started with Group Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)) |
 | **Deployment** | [Windows Server 2012: Group Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](https://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) |
-| **Related technologies** | [Security Principals](security-principals.md)
                    [What's new in Active Directory Domain Services](/windows-server/identity/whats-new-active-directory-domain-services) |
\ No newline at end of file
+| **Related technologies** | [Security Principals](security-principals.md)
                    [What's new in Active Directory Domain Services](/windows-server/identity/whats-new-active-directory-domain-services) |
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
index a4ae0b4d3d..8f6746eee7 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
@@ -150,7 +150,7 @@ The options are:
 -   **Enabled.** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the **Administrators** group to run in Admin Approval Mode.
 -   **Disabled.** Admin Approval Mode and all related UAC policy settings are disabled.
 
-**Note** If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+**Note** If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced.
 
 ### User Account Control: Switch to the secure desktop when prompting for elevation
 
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
index 9a6cb42323..f811afcaa3 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
@@ -91,7 +91,7 @@ This policy setting controls whether applications that request to run with a Use
 This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
 
 -   **Enabled** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
--   **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+-   **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced.
 
 ## User Account Control: Switch to the secure desktop when prompting for elevation
 
diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md
index ec183caa51..cf62bf3732 100644
--- a/windows/security/includes/microsoft-defender.md
+++ b/windows/security/includes/microsoft-defender.md
@@ -1,6 +1,6 @@
 ---
-title: Microsoft Defender important guidance
-description: A note in regard to important Microsoft Defender guidance.
+title: Microsoft 365 Defender important guidance
+description: A note in regard to important Microsoft 365 Defender guidance.
 ms.date: 
 ms.reviewer: 
 manager: dansimp
@@ -11,4 +11,4 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center).
\ No newline at end of file
+> The improved [Microsoft 365 Defender portal](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. [Learn what's new](/microsoft-365/security/mtp/overview-security-center).
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index bca11cfd78..e89b66ca77 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -73,11 +73,11 @@ Systems released prior to Windows 10 version 1803 do not support Kernel DMA Prot
 
 Systems running Windows 10 version 1803 that do support Kernel DMA Protection do have this security feature enabled automatically by the OS with no user or IT admin configuration required.
 
-### Using Security Center
+### Using the Windows Security app
 
-Beginning with Windows 10 version 1809, you can use Security Center to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**.
+Beginning with Windows 10 version 1809, you can use the Windows Security app to check if Kernel DMA Protection is enabled. Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation details** > **Memory access protection**.
 
-![Kernel DMA protection in Security Center.](bitlocker/images/kernel-dma-protection-security-center.png)
+![Kernel DMA protection in Windows Security](bitlocker/images/kernel-dma-protection-security-center.png)
 
 ### Using System information
 
@@ -146,4 +146,4 @@ The policy can be enabled by using:
 ## Related topics
 
 - [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md)
-- [DmaGuard MDM policies](/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies)
\ No newline at end of file
+- [DmaGuard MDM policies](/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies)
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
index 038e7da093..3688226a4f 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
@@ -23,6 +23,7 @@ The Windows operating system improves most existing security features in the ope
 
 
 **See also:**
+- [Windows 11 Specifications](https://www.microsoft.com/windows/windows-11-specifications)
 
 - [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
 
@@ -58,9 +59,9 @@ Although CNG sounds like a mundane starting point, it illustrates some of the ad
 
 The Platform Crypto Provider, introduced in the Windows 8 operating system, exposes the following special TPM properties, which software-only CNG providers cannot offer or cannot offer as effectively:
 
-•	**Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making more copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use.
+- **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making more copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use.
 
-•	**Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions.
+- **Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions.
 
 These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows device. On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically.
 
@@ -80,12 +81,11 @@ The adoption of new authentication technology requires that identity providers a
 
 Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
 
-•	**Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
+- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
 
-•	**Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
-
-![TPM Capabilities.](images/tpm-capabilities.png)
+- **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
 
+:::image type="content" alt-text="TPM Capabilities." source="images/tpm-capabilities.png" lightbox="images/tpm-capabilities.png":::
 *Figure 1:  TPM Cryptographic Key Management*
 
 For Windows Hello for Business, Microsoft can fill the role of the identity CA. Microsoft services can issue an attestation identity key certificate for each device, user, and identify provider to ensure that privacy is protected and to help identity providers ensure that device TPM requirements are met before Windows Hello for Business credentials are provisioned.
@@ -96,9 +96,9 @@ BitLocker provides full-volume encryption to protect data at rest. The most comm
 
 In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however—for example, a different operating system is booted from a USB device—the operating system volume and user data cannot be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities:
 
-•	**Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component’s measurement is sent to the TPM before it runs, a component cannot erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values.
+- **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component’s measurement is sent to the TPM before it runs, a component cannot erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values.
 
-•	**Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS).
+- **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS).
 
 Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the logon screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume’s decryption key from memory while at the Windows logon screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience.
 
@@ -122,12 +122,11 @@ TPM measurements are designed to avoid recording any privacy-sensitive informati
 
 The TPM provides the following way for scenarios to use the measurements recorded in the TPM during boot:
 
-•	**Remote Attestation**.  Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process.
+- **Remote Attestation**.  Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process.
 
 When new security features are added to Windows, Measured Boot adds security-relevant configuration information to the measurements recorded in the TPM. Measured Boot enables remote attestation scenarios that reflect the system firmware and the Windows initialization state.
 
-![Process to Create Evidence of Boot Software and Configuration Using TPM.](images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png)
-
+:::image type="content" alt-text="Process to Create Evidence of Boot Software and Configuration Using TPM." source="images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png" lightbox="images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png":::
 *Figure 2:  Process used to create evidence of boot software and configuration using a TPM*
 
 
@@ -149,17 +148,18 @@ The resulting solution provides defense in depth, because even if malware runs i
 
 The TPM adds hardware-based security benefits to Windows. When installed on hardware that includes a TPM, Window delivers remarkably improved security benefits. The following table summarizes the key benefits of the TPM’s major features.
 
+
                    
 
 |Feature | Benefits when used on a system with a TPM|
 |---|---|
-| Platform Crypto Provider |  •      If the machine is compromised, the private key associated with the certificate cannot be copied off the device.
                    •	        The TPM’s dictionary attack mechanism protects PIN values to use a certificate.
-| Virtual Smart Card | 	•      Achieve security similar to that of physical smart cards without deploying physical smart cards or card readers.|
-| Windows Hello for Business | 	•      Credentials provisioned on a device cannot be copied elsewhere.  
                     •	         Confirm a device’s TPM before credentials are provisioned. |
-| BitLocker Drive Encryption | 	•      Multiple options are available for enterprises to protect data at rest while balancing security requirements with different device hardware.
-|Device Encryption | 	•     With a Microsoft account and the right hardware, consumers’ devices seamlessly benefit from data-at-rest protection.
-| Measured Boot | 	•      A hardware root of trust contains boot measurements that help detect malware during remote attestation.
-| Health Attestation | 	•      MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365.
-| Credential Guard | 	•      Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization.
+| Platform Crypto Provider | 
                    • If the machine is compromised, the private key associated with the certificate cannot be copied off the device.
                    • The TPM’s dictionary attack mechanism protects PIN values to use a certificate.
                     |
+| Virtual Smart Card | 
                    • Achieve security similar to that of physical smart cards without deploying physical smart cards or card readers.
                     |
+| Windows Hello for Business | 
                    • Credentials provisioned on a device cannot be copied elsewhere.
                    • Confirm a device’s TPM before credentials are provisioned.
                     |
+| BitLocker Drive Encryption | 
                    • Multiple options are available for enterprises to protect data at rest while balancing security requirements with different device hardware.
                     |
+|Device Encryption | 
                    • With a Microsoft account and the right hardware, consumers’ devices seamlessly benefit from data-at-rest protection.
                     |
+| Measured Boot | 
                    • A hardware root of trust contains boot measurements that help detect malware during remote attestation.
                     |
+| Health Attestation | 
                    • MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365. 
                     |
+| Credential Guard | 
                    • Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization.
                     |
 
 
                    
 
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
index e401d19506..c5a7d50e68 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@@ -32,7 +32,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a
 
 - Generate, store, and limit the use of cryptographic keys.
 
-- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself.
+- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into it.
 
 - Help ensure platform integrity by taking and storing security measurements.
 
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
index a3f1fdac56..8cce54444d 100644
--- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
@@ -15,32 +15,46 @@ metadata:
   audience: ITPro
   ms.collection: M365-security-compliance
   ms.topic: conceptual
-  ms.date: 09/06/2021
-  ms.technology: windows-sec
+  ms.date: 11/10/2021
+  ms.technology: mde
     
 title: Advanced security auditing FAQ
-
-
-
-  This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
+summary: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
   
   -   [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-)
+
   -   [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-)
+
   -   [What is the interaction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-)
+
   -   [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-)
+
   -   [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-)
+
   -   [Why are audit policies applied on a per-computer basis rather than per user?](#why-are-audit-policies-applied-on-a-per-computer-basis-rather-than-per-user-)
+
   -   [What are the differences in auditing functionality between versions of Windows?](#what-are-the-differences-in-auditing-functionality-between-versions-of-windows-)
+
   -   [Can I use advanced audit policy from a domain controller running Windows Server 2003 or Windows 2000 Server?](#can-i-use-advanced-audit-policies-from-a-domain-controller-running-windows-server-2003-or-windows-2000-server-)
+
   -   [What is the difference between success and failure events? Is something wrong if I get a failure audit?](#what-is-the-difference-between-success-and-failure-events--is-something-wrong-if-i-get-a-failure-audit-)
+
   -   [How can I set an audit policy that affects all objects on a computer?](#how-can-i-set-an-audit-policy-that-affects-all-objects-on-a-computer-)
+
   -   [How do I figure out why someone was able to access a resource?](#how-do-i-figure-out-why-someone-was-able-to-access-a-resource-)
+
   -   [How do I know when changes are made to access control settings, by whom, and what the changes were?](#how-do-i-know-when-changes-are-made-to-access-control-settings--by-whom--and-what-the-changes-were-)
+
   -   [How can I roll back security audit policies from the advanced audit policy to the basic audit policy?](#how-can-i-roll-back-security-audit-policies-from-the-advanced-audit-policy-to-the-basic-audit-policy-)
+
   -   [How can I monitor if changes are made to audit policy settings?](#how-can-i-monitor-if-changes-are-made-to-audit-policy-settings-)
+
   -   [How can I minimize the number of events that are generated?](#how-can-i-minimize-the-number-of-events-that-are-generated-)
+
   -   [What are the best tools to model and manage audit policy?](#what-are-the-best-tools-to-model-and-manage-audit-policies-)
+
   -   [Where can I find information about all the possible events that I might receive?](#where-can-i-find-information-about-all-the-possible-events-that-i-might-receive-)
+
   -   [Where can I find more detailed information?](#where-can-i-find-more-detailed-information-)
   
 
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 380cc917cd..9f97418b4d 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -182,7 +182,7 @@ This event generates on domain controllers, member servers, and workstations.
     | 0x0                     | Status OK.  |
 
 > [!NOTE]
-> To see the meaning of other status or substatus codes, you might also check for status code in the Window header file ntstatus.h in Windows SDK.
+> To see the meaning of other status or substatus codes, you might also check for status code in the Windows header file ntstatus.h in Windows SDK.
 
 More information: 
 
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 3fff0198ed..7057f8c90f 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -13,7 +13,7 @@ author: dansimp
 ms.author: dansimp
 ms.date: 08/14/2017
 ms.localizationpriority: medium
-ms.technology: other
+ms.technology: windows-sec
 ---
 
 # Block untrusted fonts in an enterprise
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index fc40dc48df..5c8dd1358e 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -1,7349 +1,7349 @@
----
-title: Federal Information Processing Standard (FIPS) 140 Validation
-description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
-ms.prod: m365-security
-audience: ITPro
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-ms.collection: M365-identity-device-management
-ms.topic: article
-ms.localizationpriority: medium
-ms.reviewer: 
-ms.technology: other
----
-
-# FIPS 140-2 Validation
-
-## FIPS 140-2 standard overview
-
-The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.
-
-The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
-
-## Microsoft’s approach to FIPS 140-2 validation
-
-Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.  Microsoft validates its cryptographic modules under the NIST CMVP, as described above.  Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
-
-## Using Windows in a FIPS 140-2 approved mode of operation
-
-Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly.
-
-The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library.
-
-US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography.
-
-Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
-
-### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
-
-Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated.  Tables listing validated modules, organized by operating system release, are available later in this article.
-
-### Step 2: Ensure all security policies for all cryptographic modules are followed
-
-Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode.  The security policy may be found in each module’s published Security Policy Document (SPD).  The SPDs for each module may be found in the table of validated modules at the end of this article.  Select the module version number to view the published SPD for the module. 
-
-### Step 3: Enable the FIPS security policy
-
-Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode.  When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode.  This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](./security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).  
-
-### Step 4: Ensure that only FIPS validated cryptographic algorithms are used
-
-FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant.
-
-In short, an application or service is running in FIPS mode if it:
-
-* Checks for the policy flag
-* Enforces security policies of validated modules
-
-## Frequently asked questions
-
-### How long does it take to certify a cryptographic module?
-
-Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.
-
-### When does Microsoft undertake a FIPS 140 validation?
-
-The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server.  As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.  
-
-### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*?
-
-*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
-
-### How do I know if a Windows service or application is FIPS 140-2 validated?
-
-The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions.  Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode.  Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
-
-### What does *When operated in FIPS mode* mean on a certificate?
-
-This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
-
-### What is the relationship between FIPS 140-2 and Common Criteria?
-
-FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
-
-### How does FIPS 140 relate to Suite B?
-
-Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard.
-
-### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows?
-
-SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server.  In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.
-
-## Microsoft FIPS 140-2 validated cryptographic modules
-
-The following tables identify the cryptographic modules used in an operating system, organized by release.
-
-## Modules used by Windows
-
-##### Windows 10 Fall 2018 Update (Version 1809)
-
-Validated Editions: Home, Pro, Enterprise, Education
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
                    Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows 10 Spring 2018 Update (Version 1803)
-
-Validated Editions: Home, Pro, Enterprise, Education
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows 10 Fall Creators Update (Version 1709)
-
-Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
                    Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows 10 Creators Update (Version 1703)
-
-Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
-
-
--
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    




                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.15063#3095
                    FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.15063#3094
                    #3094
                    
-
                    FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)
                    Boot Manager10.0.15063#3089
                    FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)
                    
-
                    Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)
                    Windows OS Loader10.0.15063#3090
                    FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
                    
-
                    Other algorithms: NDRNG
                    Windows Resume[1]10.0.15063#3091FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
                    BitLocker® Dump Filter[2]10.0.15063#3092FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
                    Code Integrity (ci.dll)10.0.15063#3093
                    FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
                    Secure Kernel Code Integrity (skci.dll)[3]10.0.15063#3096
                    FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
                    
-
-
-\[1\] Applies only to Home, Pro, Enterprise, Education, and S.
-
-\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub
-
-\[3\] Applies only to Pro, Enterprise, Education, and S
-
-##### Windows 10 Anniversary Update (Version 1607)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.14393#2937
                    FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.14393#2936
                    FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)
                    Boot Manager10.0.14393#2931
                    FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
                    BitLocker® Windows OS Loader (winload)10.0.14393#2932FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: NDRNG; MD5
                    BitLocker® Windows Resume (winresume)[1]10.0.14393#2933FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[2]10.0.14393#2934FIPS approved algorithms: AES (Certs. #4061 and #4064)
                    Code Integrity (ci.dll)10.0.14393#2935
                    FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: AES (non-compliant); MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
                    Secure Kernel Code Integrity (skci.dll)[3]10.0.14393#2938
                    FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
                    
-
                    
-Other algorithms: MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
                    
-
-
-\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile
-
-\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB
-
-##### Windows 10 November 2015 Update (Version 1511)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10586#2606
                    FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
                    
-
                    
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10586#2605
                    FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
                    
-
                    
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)
                    Boot Manager[4]10.0.10586#2700FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
                    
-
                    
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)[5]10.0.10586#2701FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
                    
-
                    
-Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[6]10.0.10586#2702FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[7]10.0.10586#2703FIPS approved algorithms: AES (Certs. #3653)
                    Code Integrity (ci.dll)10.0.10586#2604
                    FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
                    
-
                    
-Other algorithms: AES (non-compliant); MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
                    Secure Kernel Code Integrity (skci.dll)[8]10.0.10586#2607
                    FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
                    
-
                    
-Other algorithms: MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
                    
-
-
-\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
-
-\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
-
-\[6\] Applies only to Home, Pro, and Enterprise
-
-\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub
-
-\[8\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 10 (Version 1507)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10240#2606
                    FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
                    
-
                    
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10240#2605
                    FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
                    
-
                    
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)
                    Boot Manager[9]10.0.10240#2600FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
                    
-
                    
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)[10]10.0.10240#2601FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
                    
-
                    
-Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[11]10.0.10240#2602FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[12]10.0.10240#2603FIPS approved algorithms: AES (Certs. #3497 and #3498)
                    Code Integrity (ci.dll)10.0.10240#2604
                    FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
                    
-
                    
-Other algorithms: AES (non-compliant); MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
                    Secure Kernel Code Integrity (skci.dll)[13]10.0.10240#2607
                    FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
                    
-
                    
-Other algorithms: MD5
                    
-
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
                    
-
-
-\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB
-
-\[13\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 8.1
-
-Validated Editions: RT, Pro, Enterprise, Phone, Embedded
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.17031#2357
                    FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
                    
-
                    
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.17042#2356
                    FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
                    
-
                    
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    
-
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
                    Boot Manager6.3.9600 6.3.9600.17031#2351FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
-
                    
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.17031#2352FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
                    
-
                    
-Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[14]6.3.9600 6.3.9600.17031#2353FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)6.3.9600 6.3.9600.17031#2354FIPS approved algorithms: AES (Cert. #2832)
                    
-
                    
-Other algorithms: N/A
                    Code Integrity (ci.dll)6.3.9600 6.3.9600.17031#2355#2355
                    FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
                    
-
                    
-Other algorithms: MD5
                    
-
                    Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
                    
-
-
-\[14\] Applies only to Pro, Enterprise, and Embedded 8.
-
-##### Windows 8
-
-Validated Editions: RT, Home, Pro, Enterprise, Phone
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.9200#1892FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
-
                    
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.9200#1891FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
-
                    
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.2.9200#1895FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Windows OS Loader (WINLOAD)6.2.9200#1896FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
                    BitLocker® Windows Resume (WINRESUME)[15]6.2.9200#1898FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (DUMPFVE.SYS)6.2.9200#1899FIPS approved algorithms: AES (Certs. #2196 and #2198)
                    
-
                    
-Other algorithms: N/A
                    Code Integrity (CI.DLL)6.2.9200#1897FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.9200#1893FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.2.9200#1894FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
                    
-
                    
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
-
-
-\[15\] Applies only to Home and Pro
-
-**Windows 7**
-
-Validated Editions: Windows 7, Windows 7 SP1
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
                    6.1.7600.16385
                    
-
                    6.1.7601.17514
                    		1329FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
-
                    
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Kernel Mode Cryptographic Primitives Library (cng.sys)
                    6.1.7600.16385
                    
-
                    6.1.7600.16915
                    
-
                    6.1.7600.21092
                    
-
                    6.1.7601.17514
                    
-
                    6.1.7601.17725
                    
-
                    6.1.7601.17919
                    
-
                    6.1.7601.21861
                    
-
                    6.1.7601.22076
                    		1328FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
-
                    
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Boot Manager
                    6.1.7600.16385
                    
-
                    6.1.7601.17514
                    		1319FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
                    
-
                    
-Other algorithms: MD5
                    Winload OS Loader (winload.exe)
                    6.1.7600.16385
                    
-
                    6.1.7600.16757
                    
-
                    6.1.7600.20897
                    
-
                    6.1.7600.20916
                    
-
                    6.1.7601.17514
                    
-
                    6.1.7601.17556
                    
-
                    6.1.7601.21655
                    
-
                    6.1.7601.21675
                    		1326FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5
                    BitLocker™ Drive Encryption
                    6.1.7600.16385
                    
-
                    6.1.7600.16429
                    
-
                    6.1.7600.16757
                    
-
                    6.1.7600.20536
                    
-
                    6.1.7600.20873
                    
-
                    6.1.7600.20897
                    
-
                    6.1.7600.20916
                    
-
                    6.1.7601.17514
                    
-
                    6.1.7601.17556
                    
-
                    6.1.7601.21634
                    
-
                    6.1.7601.21655
                    
-
                    6.1.7601.21675
                    		1332FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: Elephant Diffuser
                    Code Integrity (CI.DLL)
                    6.1.7600.16385
                    
-
                    6.1.7600.17122
                    
-
                    6.1.7600.21320
                    
-
                    6.1.7601.17514
                    
-
                    6.1.7601.17950
                    
-
                    6.1.7601.22108
                    		1327FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.1.7600.16385
                    
-(no change in SP1)                    		1331FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.1.7600.16385
                    
-(no change in SP1)                    		1330FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
                    
-
                    
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
-
-
-##### Windows Vista SP1
-
-Validated Editions: Ultimate Edition
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.0.6001.18000 and 6.0.6002.18005978FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
                    Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596979FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
                    
-
                    
-Other algorithms: MD5
                    Code Integrity (ci.dll)6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005980FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
                    
-
                    
-Other algorithms: MD5
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228691000
                    FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228721001
                    FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
-
                    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180051002
                    FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
-
                    Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180051003
                    FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
                    
-
                    Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    
-
-
-##### Windows Vista
-
-Validated Editions: Ultimate Edition
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider (RSAENH)6.0.6000.16386893FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
                    
-
                    
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6000.16386894FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    BitLocker™ Drive Encryption6.0.6000.16386947FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
                    
-
                    
-Other algorithms: Elephant Diffuser
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067891FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
                    
-
                    
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
                    
-
-
-##### Windows XP SP3
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.1.2600.5512997
                    FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
                    
-
                    Other algorithms: DES; MD5; HMAC MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.1.2600.5507990
                    FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
                    
-
                    Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4
                    Enhanced Cryptographic Provider (RSAENH)5.1.2600.5507989
                    FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
                    
-
                    Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)
                    
-
-
-##### Windows XP SP2
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    DSS/Diffie-Hellman Enhanced Cryptographic Provider5.1.2600.2133240
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
                    
-
                    Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)
                    Microsoft Enhanced Cryptographic Provider5.1.2600.2161238
                    FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
                    
-
                    Other algorithms: DES (Cert. #156); RC2; RC4; MD5
                    
-
-
-##### Windows XP SP1
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Microsoft Enhanced Cryptographic Provider5.1.2600.1029238
                    FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
                    
-
                    Other algorithms: DES (Cert. #156); RC2; RC4; MD5
                    
-
-
-##### Windows XP
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module5.1.2600.0241
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
                    
-
                    Other algorithms: DES (Cert. #89)
                    
-
-
-##### Windows 2000 SP3
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106
                    FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
                    
-
                    Other algorithms: DES (Certs. #89)
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS: 5.0.2195.3665 [SP3])
                    
-
                    (Base: 5.0.2195.3839 [SP3])
                    
-
                    (DSS/DH Enh: 5.0.2195.3665 [SP3])
                    
-
                    (Enh: 5.0.2195.3839 [SP3]
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
-
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
-
-
-##### Windows 2000 SP2
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106
                    FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
                    
-
                    Other algorithms: DES (Certs. #89)
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS:
                    
-
                    5.0.2195.2228 [SP2])
                    
-
                    (Base:
                    
-
                    5.0.2195.2228 [SP2])
                    
-
                    (DSS/DH Enh:
                    
-
                    5.0.2195.2228 [SP2])
                    
-
                    (Enh:
                    
-
                    5.0.2195.2228 [SP2])
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
-
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
-
-
-##### Windows 2000 SP1
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS: 5.0.2150.1391 [SP1])
                    
-
                    (Base: 5.0.2150.1391 [SP1])
                    
-
                    (DSS/DH Enh: 5.0.2150.1391 [SP1])
                    
-
                    (Enh: 5.0.2150.1391 [SP1])
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
-
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
-
-
-##### Windows 2000
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.2150.176
                    FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
                    
-
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
-
-
-##### Windows 95 and Windows 98
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.1877.6 and 5.0.1877.775
                    FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
                    
-
                    Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
-
-
-##### Windows NT 4.0
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base Cryptographic Provider5.0.1877.6 and 5.0.1877.768FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
                    
-
                    
-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
-
-## Modules used by Windows Server
-
-##### Windows Server 2019 (Version 1809)
-
-Validated Editions: Standard, Datacenter
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
                    Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows Server (Version 1803)
-
-Validated Editions: Standard, Datacenter
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows Server (Version 1709)
-
-Validated Editions: Standard, Datacenter
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
                    Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
                    
-
-##### Windows Server 2016
-
-Validated Editions: Standard, Datacenter, Storage Server
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.143932937FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.143932936FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
-
                    
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager10.0.143932931
                    FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
                    BitLocker® Windows OS Loader (winload)10.0.143932932FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: NDRNG; MD5
                    BitLocker® Windows Resume (winresume)10.0.143932933FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)10.0.143932934FIPS approved algorithms: AES (Certs. #4061 and #4064)
                    Code Integrity (ci.dll)10.0.143932935FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
                    
-
                    
-Other algorithms: AES (non-compliant); MD5
                    Secure Kernel Code Integrity (skci.dll)10.0.143932938FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
                    
-
                    
-Other algorithms: MD5
                    
-
-
-##### Windows Server 2012 R2
-
-Validated Editions: Server, Storage Server,
-
-**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.170312357FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
                    
-
                    
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.170422356FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
                    
-
                    
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.3.9600 6.3.9600.170312351FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
-
                    
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.170312352FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
                    
-
                    
-Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[16]6.3.9600 6.3.9600.170312353FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[17]6.3.9600 6.3.9600.170312354FIPS approved algorithms: AES (Cert. #2832)
                    
-
                    
-Other algorithms: N/A
                    Code Integrity (ci.dll)6.3.9600 6.3.9600.170312355FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
                    
-
                    
-Other algorithms: MD5
                    
-
-
-\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-**Windows Server 2012**
-
-Validated Editions: Server, Storage Server
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.92001892FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
-
                    
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.92001891FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
-
                    
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.2.92001895FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Windows OS Loader (WINLOAD)6.2.92001896FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
                    BitLocker® Windows Resume (WINRESUME)6.2.92001898FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    BitLocker® Dump Filter (DUMPFVE.SYS)6.2.92001899FIPS approved algorithms: AES (Certs. #2196 and #2198)
                    
-
                    
-Other algorithms: N/A
                    Code Integrity (CI.DLL)6.2.92001897FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
                    
-
                    
-Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.92001893FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.2.92001894FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
                    
-
                    
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
-
-
-##### Windows Server 2008 R2
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.1.7600.16385 or 6.1.7601.175141321FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5
                    Winload OS Loader (winload.exe)6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216751333FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5
                    Code Integrity (ci.dll)6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221081334FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: MD5
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220761335FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
-
                    
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Cryptographic Primitives Library (bcryptprimitives.dll)66.1.7600.16385 or 6.1.7601.175141336FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
-
                    
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
                    Enhanced Cryptographic Provider (RSAENH)6.1.7600.163851337FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
                    
-
                    
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.1.7600.163851338FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
                    
-
                    
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
                    BitLocker™ Drive Encryption6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216751339FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
                    
-
                    
-Other algorithms: Elephant Diffuser
                    
-
-
-##### Windows Server 2008
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224971004FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
                    
-
                    
-Other algorithms: N/A
                    Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225961005FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
                    
-
                    
-Other algorithms: MD5
                    Code Integrity (ci.dll)6.0.6001.18000 and 6.0.6002.180051006FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
                    
-
                    
-Other algorithms: MD5
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228691007FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
-
                    
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
-
                    
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228721008FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
-
                    
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180051009FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
                    
-
                    
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180051010FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
-
                    
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
-
-
-##### Windows Server 2003 SP2
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.3959875
                    FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
                    
-
                    Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.3959869
                    FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
                    
-
                    Other algorithms: DES; HMAC-MD5
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.3959868
                    FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
                    
-
                    Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
-
-
-##### Windows Server 2003 SP1
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.1830 [SP1]405
                    FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
                    
-
                    Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.1830 [Service Pack 1])382
                    FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
                    
-
                    Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.1830 [Service Pack 1]381
                    FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
                    
-
                    Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    
-
-
-##### Windows Server 2003
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.0405
                    FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
                    
-
                    Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.0382
                    FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
                    
-
                    Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.0381
                    FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
                    
-
                    Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
                    
-
                    [1] x86
                    
-[2] SP1 x86, x64, IA64
                    
-
-
-#### Other Products
-
-##### Windows Embedded Compact 7 and Windows Embedded Compact 8
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider7.00.2872 [1] and 8.00.6246 [2]2957
                    FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)
                    
-
                    Allowed algorithms: HMAC-MD5, MD5, NDRNG
                    Cryptographic Primitives Library (bcrypt.dll)7.00.2872 [1] and 8.00.6246 [2]2956
                    FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)
                    
-
                    Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength
                    
-
-
-
-##### Windows CE 6.0 and Windows Embedded Compact 7
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider6.00.1937 [1] and 7.00.1687 [2]825
                    FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
                    
-
                    Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES
                    
-
-
-##### Outlook Cryptographic Provider
-
-
------
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Outlook Cryptographic Provider (EXCHCSP)SR-1A (3821)110
                    FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
                    
-
                    Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5
                    
-
- 
-
-### Cryptographic Algorithms
-
-The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
-
-### Advanced Encryption Standard (AES)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • AES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CFB128:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CTR:
                      • 
-
                      • 
-
                      • Counter Source: Internal
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-OFB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    Microsoft Surface Hub Virtual TPM Implementations #4904
                    
-
                    Version 10.0.15063.674
                      
-
                    • AES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CFB128:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CTR:
                      • 
-
                      • 
-
                      • Counter Source: Internal
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-OFB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903
                    
-
                    Version 10.0.16299
                      
-
                    • AES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CCM:
                      • 
-
                      • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
-
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
-
                      • Plain Text Length: 0-32
                        • 
-
                      • Additional authenticated data length: 0-65536
                        • 
-
                      • 
-
                    • AES-CFB128:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CMAC:
                      • 
-
                      • 
-
                      • Generation:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • Verification:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    • AES-CTR:
                      • 
-
                      • 
-
                      • Counter Source: Internal
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-GCM:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
-
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • 96 bit IV supported
                        • 
-
                      • 
-
                    • AES-XTS:
                      • 
-
                      • 
-
                      • Key Size: 128:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • Key Size: 256:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • 
-
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902
                    
-
                    Version 10.0.15063.674
                      
-
                    • AES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CCM:
                      • 
-
                      • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
-
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
-
                      • Plain Text Length: 0-32
                        • 
-
                      • Additional authenticated data length: 0-65536
                        • 
-
                      • 
-
                    • AES-CFB128:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CMAC:
                      • 
-
                      • 
-
                      • Generation:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • Verification:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    • AES-CTR:
                      • 
-
                      • 
-
                      • Counter Source: Internal
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-GCM:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
-
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • 96 bit IV supported
                        • 
-
                      • 
-
                    • AES-XTS:
                      • 
-
                      • 
-
                      • Key Size: 128:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • Key Size: 256:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901
                    
-
                    Version 10.0.15254
                      
-
                    • AES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CCM:
                      • 
-
                      • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
-
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
-
                      • Plain Text Length: 0-32
                        • 
-
                      • Additional authenticated data length: 0-65536
                        • 
-
                      • 
-
                    • AES-CFB128:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-CMAC:
                      • 
-
                      • 
-
                      • Generation:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • Verification:
                        • 
-
                        • 
-
                        • AES-128:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-192:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • AES-256:
                          • 
-
                          • 
-
                          • Block Sizes: Full, Partial
                            • 
-
                          • Message Length: 0-65536
                            • 
-
                          • Tag Length: 16-16
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    • AES-CTR:
                      • 
-
                      • 
-
                      • Counter Source: Internal
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • 
-
                    • AES-GCM:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • IV Generation: External
                        • 
-
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
-
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
-
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
-
                      • 96 bit IV supported
                        • 
-
                      • 
-
                    • AES-XTS:
                      • 
-
                      • 
-
                      • Key Size: 128:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • Key Size: 256:
                        • 
-
                        • 
-
                        • Modes: Decrypt, Encrypt
                          • 
-
                        • Block Sizes: Full
                          • 
-
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897
                    
-
                    Version 10.0.16299
                    AES-KW:
                    
-
                      
-
                    • Modes: Decrypt, Encrypt
                      • 
-
                    • CIPHK transformation direction: Forward
                      • 
-
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
-
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
-
                    
-
                    AES validation number 4902
                    Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900
                    
-
                    Version 10.0.15063.674
                    AES-KW:
                    
-
                      
-
                    • Modes: Decrypt, Encrypt
                      • 
-
                    • CIPHK transformation direction: Forward
                      • 
-
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
-
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
-
                    
-
                    AES validation number 4901
                    Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899
                    
-
                    Version 10.0.15254
                    AES-KW:
                    
-
                      
-
                    • Modes: Decrypt, Encrypt
                      • 
-
                    • CIPHK transformation direction: Forward
                      • 
-
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
-
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
-
                    
-
                    AES validation number 4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
                    
-
                    Version 10.0.16299
                    AES-CCM:
                    
-
                      
-
                    • Key Lengths: 256 (bits)
                      • 
-
                    • Tag Lengths: 128 (bits)
                      • 
-
                    • IV Lengths: 96 (bits)
                      • 
-
                    • Plain Text Length: 0-32
                      • 
-
                    • Additional authenticated data length: 0-65536
                      • 
-
                    
-
                    AES validation number 4902
                    Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
                    
-
                    Version 10.0.15063.674
                    AES-CCM:
                    
-
                      
-
                    • Key Lengths: 256 (bits)
                      • 
-
                    • Tag Lengths: 128 (bits)
                      • 
-
                    • IV Lengths: 96 (bits)
                      • 
-
                    • Plain Text Length: 0-32
                      • 
-
                    • Additional authenticated data length: 0-65536
                      • 
-
                    
-
                    AES validation number 4901
                    Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
                    
-
                    Version 10.0.15254
                    AES-CCM:
                    
-
                      
-
                    • Key Lengths: 256 (bits)
                      • 
-
                    • Tag Lengths: 128 (bits)
                      • 
-
                    • IV Lengths: 96 (bits)
                      • 
-
                    • Plain Text Length: 0-32
                      • 
-
                    • Additional authenticated data length: 0-65536
                      • 
-
                    
-
                    AES validation number 4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
                    
-
                    Version 10.0.16299
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB128 (e/d; 128, 192, 256);
                    
-
                    OFB (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627
                    
-
                    Version 10.0.15063
                    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
-
                    AES validation number 4624
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
                    
-
                    Version 10.0.15063
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 4624
                    
-
                     
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
                    
-
                    Version 10.0.15063
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                    CFB128 (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    
-
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
                    
-
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-
                    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-
                    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported
                    
-
                    GMAC supported
                    
-
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
                    
-
                    Version 10.0.15063
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
                    
-
                    Version 7.00.2872
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
                    
-
                    Version 8.00.6246
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
                    
-
                    Version 7.00.2872
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
                    
-
                    Version 8.00.6246
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB128 (e/d; 128, 192, 256);
                    
-
                    OFB (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
                    
-
                    Version 10.0.14393
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
-
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
-
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
                    
-GMAC supported
                    
-
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
                    
-
                    Version 10.0.14393
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
                    
-Version 10.0.14393
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)
                    
-
                    AES validation number 4064
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
                    
-
                    Version 10.0.14393
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 4064
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
                    
-
                    Version 10.0.14393
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
-
                    AES validation number 3629
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
                    
-
                    Version 10.0.10586
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 3629
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
                    
-
                    Version 10.0.10586
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
                    
-Version 10.0.10586
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
-
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
-
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
                    
-GMAC supported
                    
-
                    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
                    
-
                    
-
                    
-
                    Version 10.0.10586
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
-
                    AES validation number 3497
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
                    
-
                    Version 10.0.10240
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 3497
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
                    
-
                    Version 10.0.10240
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
-
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-
                    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
-
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported
                    
-GMAC supported
                    
-
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
                    
-Version 10.0.10240
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
                    
-Version 10.0.10240
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
                    
-
                    Version 6.3.9600
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 2832
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848
                    
-
                    Version 6.3.9600
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
-
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-
                    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-
                    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;
                    
-OtherIVLen_Supported
                    
-GMAC supported
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
                    
-
                    Version 6.3.9600
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-AES validation number 2197
                    
-
                    CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
                    
-AES validation number 2197
                    
-
                    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
-(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
-IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
                    
-GMAC supported
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
                    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
-
                    AES validation number 2196
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                    CFB128 (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
-AES validation number 1168
                    Windows Server 2008 R2 and SP1 CNG algorithms #1187
                    
-
                    Windows 7 Ultimate and SP1 CNG algorithms #1178
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
                    
-AES validation number 1168                    		Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    
-
                     
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168
                    GCM
                    
-
                    GMAC
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    Windows Server 2008 CNG algorithms #757
                    
-
                    Windows Vista Ultimate SP1 CNG algorithms #756
                    CBC (e/d; 128, 256);
                    
-
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
                    Windows Vista Ultimate BitLocker Drive Encryption #715
                    
-
                    Windows Vista Ultimate BitLocker Drive Encryption #424
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CFB8 (e/d; 128, 192, 256);
                    Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739
                    
-
                    Windows Vista Symmetric Algorithm Implementation #553
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    
-
                    CTR (int only; 128, 192, 256)
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023
                    ECB (e/d; 128, 192, 256);
                    
-
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024
                    
-
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818
                    
-
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
                    
-
                    Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548
                    
-
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516
                    
-
                    Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507
                    
-
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290
                    
-
                    Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224
                    
-
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80
                    
-
                    Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33
                    
-
-
-### Deterministic Random Bit Generator (DRBG)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • Modes: AES-256
                        • 
-
                      • Derivation Function States: Derivation Function not used
                        • 
-
                      • Prediction Resistance Modes: Not Enabled
                        • 
-
                      • 
-
                    
-
                    Prerequisite: AES #4904
                    Microsoft Surface Hub Virtual TPM Implementations #1734
                    
-
                    Version 10.0.15063.674
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • Modes: AES-256
                        • 
-
                      • Derivation Function States: Derivation Function not used
                        • 
-
                      • Prediction Resistance Modes: Not Enabled
                        • 
-
                      • 
-
                    
-
                    Prerequisite: AES #4903
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
                    
-
                    Version 10.0.16299
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • Modes: AES-256
                        • 
-
                      • Derivation Function States: Derivation Function used
                        • 
-
                      • Prediction Resistance Modes: Not Enabled
                        • 
-
                      • 
-
                    
-
                    Prerequisite: AES #4902
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732
                    
-
                    Version 10.0.15063.674
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • Modes: AES-256
                        • 
-
                      • Derivation Function States: Derivation Function used
                        • 
-
                      • Prediction Resistance Modes: Not Enabled
                        • 
-
                      • 
-
                    
-
                    Prerequisite: AES #4901
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731
                    
-
                    Version 10.0.15254
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • Modes: AES-256
                        • 
-
                      • Derivation Function States: Derivation Function used
                        • 
-
                      • Prediction Resistance Modes: Not Enabled
                        • 
-
                      • 
-
                    
-
                    Prerequisite: AES #4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
                    
-
                    Version 10.0.16299
                    CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)]
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
                    
-
                    Version 10.0.15063
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4624)]
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
                    
-
                    Version 10.0.15063
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)]
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
                    
-
                    Version 7.00.2872
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)]
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
                    
-
                    Version 8.00.6246
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
                    
-
                    Version 7.00.2872
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
                    
-
                    Version 8.00.6246
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)]
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
                    
-
                    Version 10.0.14393
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)]
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
                    
-
                    Version 10.0.14393
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)]
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
                    
-
                    Version 10.0.10586
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)]
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
                    
-
                    Version 10.0.10240
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)]
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
                    
-
                    Version 6.3.9600
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)]Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
                    DRBG (SP 800–90)Windows Vista Ultimate SP1, vendor-affirmed
                    
-
-
-#### Digital Signature Algorithm (DSA)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • DSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • PQGGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • PQGVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • KeyPair:
                          • 
-
                          • 
-
                          • L = 2048, N = 256
                            • 
-
                          • L = 3072, N = 256
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303
                    
-
                    Version 10.0.15063.674
                      
-
                    • DSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • PQGGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • PQGVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • KeyPair:
                          • 
-
                          • 
-
                          •  
                            • 
-
                          •  
                            • 
-
                          • L = 2048, N = 256
                            • 
-
                          • L = 3072, N = 256
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302
                    
-
                    Version 10.0.15254
                      
-
                    • DSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • PQGGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • PQGVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigGen:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • SigVer:
                          • 
-
                          • 
-
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
-
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
-
                          • 
-
                        • KeyPair:
                          • 
-
                          • 
-
                          • L = 2048, N = 256
                            • 
-
                          • L = 3072, N = 256
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
                    
-
                    Version 10.0.16299
                    FIPS186-4:
                    
-
                    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
-
                    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    KeyPairGen:   [(2048,256); (3072,256)]
                    
-
                    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SHS: validation number 3790
                    
-
                    DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-PQG(ver)PARMS TESTED:                       [(1024,160) SHA(1)]
                    
-SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
                    
-SHS: validation number  3649
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
                    
-
                    Version 7.00.2872
                    FIPS186-4:
                    
-PQG(ver)PARMS TESTED:                       [(1024,160) SHA(1)]
                    
-SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
                    
-SHS: validation number 3648
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
                    
-
                    Version 8.00.6246
                    FIPS186-4:
                    
-PQG(gen)                    PARMS TESTED: [
                    
-(2048,256)SHA(256); (3072,256) SHA(256)]
                    
-PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-KeyPairGen:    [(2048,256); (3072,256)]
                    
-SIG(gen)PARMS TESTED:   [(2048,256)
                    
-SHA(256); (3072,256) SHA(256)]
                    
-SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SHS: validation number  3347
                    
-DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-PQG(gen)                    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SHS: validation number  3047
                    
-DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-PQG(gen)                    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
-PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-KeyPairGen:    [(2048,256); (3072,256)]
                    
-SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SHS: validation number  2886
                    
-DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-PQG(gen)                    PARMS TESTED:   [
                    
-(2048,256)SHA(256); (3072,256) SHA(256)]
                    
-PQG(ver)PARMS TESTED:   [(2048,256)
                    
-SHA(256); (3072,256) SHA(256)]
                    
-KeyPairGen:    [(2048,256); (3072,256)]
                    
-SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-
                    SHS: validation number  2373
                    
-DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
                    
-
                    Version 6.3.9600
                    FIPS186-2:
                    
-PQG(ver) MOD(1024);
                    
-SIG(ver) MOD(1024);
                    
-SHS: #1903
                    
-DRBG: #258
                    
-
                    FIPS186-4:
                    
-PQG(gen)PARMS TESTED                    : [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
-PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
-SHS: #1903
                    
-DRBG: #258
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
                    FIPS186-2:
                    
-PQG(ver)                     MOD(1024);
                    
-SIG(ver) MOD(1024);
                    
-SHS: #1902
                    
-DRBG: #258
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686.                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  1773
                    
-DRBG: validation number  193
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645.                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  1081
                    
-DRBG: validation number  23
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386.
                    Windows Server 2008 R2 and SP1 CNG algorithms #391
                    
-
                    Windows 7 Ultimate and SP1 CNG algorithms #386
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  1081
                    
-RNG: validation number  649
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385.
                    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
                    
-
                    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  753
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283.
                    Windows Server 2008 CNG algorithms #284
                    
-
                    Windows Vista Ultimate SP1 CNG algorithms #283
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  753
                    
-RNG: validation number  435
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281.
                    Windows Server 2008 Enhanced DSS (DSSENH) #282
                    
-
                    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  618
                    
-RNG: validation number  321
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226.
                    Windows Vista CNG algorithms #227
                    
-
                    Windows Vista Enhanced DSS (DSSENH) #226
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  784
                    
-RNG: validation number  448
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292.                    		Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
                    FIPS186-2:
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: validation number  783
                    
-RNG: validation number  447
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291.                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
                    FIPS186-2:
                    
-PQG(gen)                     MOD(1024);
                    
-PQG(ver) MOD(1024);
                    
-KEYGEN(Y) MOD(1024);
                    
-SIG(gen) MOD(1024);
                    
-SIG(ver) MOD(1024);
                    
-SHS: validation number  611
                    
-RNG: validation number  314                    		Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
                    FIPS186-2:
                    
-PQG(gen)                     MOD(1024);
                    
-PQG(ver) MOD(1024);
                    
-KEYGEN(Y) MOD(1024);
                    
-SIG(gen) MOD(1024);
                    
-SIG(ver) MOD(1024);
                    
-SHS: validation number  385                    		Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
                    FIPS186-2:
                    
-PQG(ver)                     MOD(1024);
                    
-KEYGEN(Y) MOD(1024);
                    
-SIG(gen) MOD(1024);
                    
-SIG(ver) MOD(1024);
                    
-SHS: validation number  181
                    
-
                    
-                    		Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
                    FIPS186-2:
                    
-PQG(gen)                     MOD(1024);
                    
-PQG(ver) MOD(1024);
                    
-KEYGEN(Y) MOD(1024);
                    
-SIG(gen) MOD(1024);
                    
-SHS: SHA-1 (BYTE)
                    
-SIG(ver) MOD(1024);
                    
-SHS: SHA-1 (BYTE)
                    Windows 2000 DSSENH.DLL #29
                    
-
                    Windows 2000 DSSBASE.DLL #28
                    
-
                    Windows NT 4 SP6 DSSENH.DLL #26
                    
-
                    Windows NT 4 SP6 DSSBASE.DLL #25
                    FIPS186-2: PRIME;
                    
-FIPS186-2:
                    
-
                    KEYGEN(Y):
                    
-SHS: SHA-1 (BYTE)
                    
-
                    SIG(gen):
                    
-SIG(ver)                     MOD(1024);
                    
-SHS: SHA-1 (BYTE)
                    		Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
                    
-
-
-#### Elliptic Curve Digital Signature Algorithm (ECDSA)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #2373, DRBG #489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
                    
-
                    Version 6.3.9600
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384
                            • 
-
                          • Generation Methods: Testing Candidates
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #1253
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384
                            • 
-
                          • Generation Methods: Testing Candidates
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
                    
-
                    Version 10.0.16299
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1251
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249
                    
-
                    Version 10.0.15254
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248
                    
-
                    Version 10.0.15254
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
                    
-
                    Version 10.0.16299
                      
-
                    • ECDSA:
                      • 
-
                      • 
-
                      • 186-4:
                        • 
-
                        • 
-
                        • Key Pair Generation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • Generation Methods: Extra Random Bits
                            • 
-
                          • 
-
                        • Public Key Validation:
                          • 
-
                          • 
-
                          • Curves: P-256, P-384, P-521
                            • 
-
                          • 
-
                        • Signature Generation:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • Signature Verification:
                          • 
-
                          • 
-
                          • P-256 SHA: SHA-256
                            • 
-
                          • P-384 SHA: SHA-384
                            • 
-
                          • P-521 SHA: SHA-512
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
                    
-
                    Version 10.0.16299
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 TestingCandidates)
                    
-SHS: validation number 3790
                    
-DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-PKV: CURVES(P-256 P-384 P-521)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-SHS: validation number 3790
                    
-DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-PKV: CURVES(P-256 P-384 P-521)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-SHS: validation number 3790
                    
-DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-PKV: CURVES(P-256 P-384 P-521)
                    
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
                    
-SHS:validation number  3649
                    
-DRBG:validation number  1430
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
                    
-
                    Version 7.00.2872
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-PKV: CURVES(P-256 P-384 P-521)
                    
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
                    
-SHS:validation number 3648
                    
-DRBG:validation number  1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
                    
-
                    Version 8.00.6246
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 TestingCandidates)
                    
-PKV: CURVES(P-256 P-384)
                    
-SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))
                    
-
                    SHS: validation number  3347
                    
-DRBG: validation number  1222
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-PKV: CURVES(P-256 P-384 P-521)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-
                    SHS: validation number  3347
                    
-DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-
                    SHS: validation number  3047
                    
-DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-
                    SHS: validation number  2886
                    
-DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-
                    SHS: validation number 2373
                    
-DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
                    
-
                    Version 6.3.9600
                    FIPS186-2:
                    
-PKG: CURVES                    (P-256 P-384 P-521)
                    
-SHS: #1903
                    
-DRBG: #258
                    
-SIG(ver): CURVES(P-256 P-384 P-521)
                    
-SHS: #1903
                    
-DRBG: #258
                    
-
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-SHS: #1903
                    
-DRBG: #258
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 341.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341
                    FIPS186-2:
                    
-PKG: CURVES                    (P-256 P-384 P-521)
                    
-SHS: validation number 1773
                    
-DRBG: validation number  193
                    
-SIG(ver): CURVES(P-256 P-384 P-521)
                    
-SHS: validation number 1773
                    
-DRBG: validation number  193
                    
-
                    FIPS186-4:
                    
-PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
-SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
-SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
-SHS: validation number 1773
                    
-DRBG: validation number  193
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
                    FIPS186-2:
                    
-PKG: CURVES                    (P-256 P-384 P-521)
                    
-SHS: validation number 1081
                    
-DRBG: validation number  23
                    
-SIG(ver): CURVES(P-256 P-384 P-521)
                    
-SHS: validation number 1081
                    
-DRBG: validation number  23
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141.
                    Windows Server 2008 R2 and SP1 CNG algorithms #142
                    
-
                    Windows 7 Ultimate and SP1 CNG algorithms #141
                    FIPS186-2:
                    
-PKG: CURVES                    (P-256 P-384 P-521)
                    
-SHS: validation number 753
                    
-SIG(ver): CURVES(P-256 P-384 P-521)
                    
-SHS: validation number 753
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82.
                    Windows Server 2008 CNG algorithms #83
                    
-
                    Windows Vista Ultimate SP1 CNG algorithms #82
                    FIPS186-2:
                    
-PKG: CURVES                    (P-256 P-384 P-521)
                    
-SHS: validation number 618
                    
-RNG: validation number  321
                    
-SIG(ver): CURVES(P-256 P-384 P-521)
                    
-SHS: validation number 618
                    
-RNG: validation number  321
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60.                    		Windows Vista CNG algorithms #60
                    
-
-
-#### Keyed-Hash Message Authentication Code (HMAC)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • HMAC-SHA-1:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-256:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-384:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011
                    Microsoft Surface Hub Virtual TPM Implementations #3271
                    
-
                    Version 10.0.15063.674
                      
-
                    • HMAC-SHA-1:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-256:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-384:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
                    
-
                    Version 10.0.16299
                      
-
                    • HMAC-SHA-1:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-256:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-384:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-512:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269
                    
-
                    Version 10.0.15063.674
                      
-
                    • HMAC-SHA-1:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-256:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-384:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-512:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268
                    
-
                    Version 10.0.15254
                      
-
                    • HMAC-SHA-1:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-256:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-384:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    • HMAC-SHA2-512:
                      • 
-
                      • 
-
                      • Key Sizes &lt; Block Size
                        • 
-
                      • Key Sizes &gt; Block Size
                        • 
-
                      • Key Sizes = Block Size
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
                    
-
                    Version 10.0.16299
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
                    
-
                    Version 10.0.15063
                    HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
                    
-
                    Version 10.0.15063
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
                    
-
                    Version 7.00.2872
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
                    
-
                    Version 8.00.6246
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number  3649
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number  3649
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number  3649
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number  3649
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
                    
-
                    Version 7.00.2872
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
                    
-
                    Version 8.00.6246
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
-SHS validation number  3347
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number  3347
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
                    
-
                    Version 10.0.14393
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number  3347
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
                    
-
                    Version 10.0.14393
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
-SHS validation number  3047
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number  3047
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number  3047
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
                    
-
                    Version 10.0.10586
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
-SHSvalidation number  2886
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
-SHSvalidation number  2886
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
- SHSvalidation number  2886
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
-SHSvalidation number  2886
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
                    
-
                    Version 10.0.10240
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
-SHS validation number 2373
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number 2373
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number 2373
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
-SHS validation number 2373
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
                    
-
                    Version 6.3.9600
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
                    
-
                    Version 5.2.29344
                    HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KS#1902
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
                    
-
                    SHS#1903
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS)
                    
-
                    SHS#1903
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS)
                    
-
                    SHS#1903
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS)
                    
-
                    SHS#1903
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    
-
                    Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    Windows Server 2008 R2 and SP1 CNG algorithms #686
                    
-
                    Windows 7 and SP1 CNG algorithms #677
                    
-
                    Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
                    
-
                    Windows 7 Enhanced Cryptographic Provider (RSAENH) #673
                    HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753
                    		Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753
                    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
                    
-
                    Windows Vista Enhanced Cryptographic Provider (RSAENH) #407
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    		Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 785
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
                    
-
                    Windows XP, vendor-affirmed
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 610Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    Windows Server 2008 CNG algorithms #413
                    
-
                    Windows Vista Ultimate SP1 CNG algorithms #412
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737
                    		Windows Vista Ultimate BitLocker Drive Encryption #386
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    		Windows Vista CNG algorithms #298
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
                    		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    		Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495
                    		Windows Vista BitLocker Drive Encryption #199
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 364
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
                    
-
                    Windows XP, vendor-affirmed
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305
                    
-
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    
-
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    
-
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
                    
-
-
-#### Key Agreement Scheme (KAS)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • KAS ECC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • Full Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • KDFs: Concatenation
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #150
                    
-
                    Version 10.0.15063.674
                      
-
                    • KAS ECC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • Full Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • KDFs: Concatenation
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
                    
-
                    Version 10.0.16299
                      
-
                    • KAS ECC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • Ephemeral Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • KDFs: Concatenation
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • One-Pass DH:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • Static Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732
                    
-
                      
-
                    • KAS FFC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • dhEphem:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhOneFlow:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhStatic:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DSA #1303, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #148
                    
-
                    Version 10.0.15063.674
                      
-
                    • KAS ECC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • Ephemeral Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • KDFs: Concatenation
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • One-Pass DH:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • Static Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731
                    
-
                      
-
                    • KAS FFC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • dhEphem:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhOneFlow:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhStatic:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DSA #1302, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147
                    
-
                    Version 10.0.15254
                      
-
                    • KAS ECC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • Ephemeral Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • KDFs: Concatenation
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • One-Pass DH:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • Static Unified:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • EC:
                              • 
-
                              • 
-
                              • Curve: P-256
                                • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • ED:
                              • 
-
                              • 
-
                              • Curve: P-384
                                • 
-
                              • SHA: SHA-384
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • EE:
                              • 
-
                              • 
-
                              • Curve: P-521
                                • 
-
                              • SHA: SHA-512
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730
                    
-
                      
-
                    • KAS FFC:
                      • 
-
                      • 
-
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
-
                      • Schemes:
                        • 
-
                        • 
-
                        • dhEphem:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhOneFlow:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • dhStatic:
                          • 
-
                          • 
-
                          • Key Agreement Roles: Initiator, Responder
                            • 
-
                          • Parameter Sets:
                            • 
-
                            • 
-
                            • FB:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • FC:
                              • 
-
                              • 
-
                              • SHA: SHA-256
                                • 
-
                              • MAC: HMAC
                                • 
-
                              • 
-
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DSA #1301, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
                    
-
                    Version 10.0.16299
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]
                    
-
                    SHS validation number 3790
                    
-DSA validation number 1135
                    
-DRBG validation number 1556
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128
                    
-
                    Version 10.0.15063
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
                    
-SHS validation number 3790
                    
-DSA validation number 1223
                    
-DRBG validation number 1555
                    
-
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    
-SHS validation number 3790
                    
-ECDSA validation number 1133
                    
-DRBG validation number 1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127
                    
-
                    Version 10.0.15063
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
                    
-SHS validation number  3649
                    
-DSA validation number 1188
                    
-DRBG validation number 1430
                    
-
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115
                    
-
                    Version 7.00.2872
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhHybridOneFlow (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
                    
-[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
                    
-SHS validation number 3648
                    
-DSA validation number 1187
                    
-DRBG validation number 1429
                    
-
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    
-SHS validation number 3648
                    
-ECDSA validation number 1072
                    
-DRBG validation number 1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114
                    
-
                    Version 8.00.6246
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)
                    
-SCHEMES  [FullUnified  (No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]
                    
-
                    SHS validation number  3347 ECDSA validation number 920 DRBG validation number 1222
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
                    
-
                    Version 10.0.14393
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)
                    
-SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
-
                    SHS validation number  3347 DSA validation number 1098 DRBG validation number 1217
                    
-
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    SHS validation number  3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
                    
-
                    Version 10.0.14393
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
-
                    SHS validation number  3047 DSA validation number 1024 DRBG validation number 955
                    
-
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    SHS validation number  3047 ECDSA validation number 760 DRBG validation number 955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
                    
-
                    Version 10.0.10586
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
-
                    SHS validation number  2886 DSA validation number 983 DRBG validation number 868
                    
-
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    SHS validation number  2886 ECDSA validation number 706 DRBG validation number 868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
                    
-
                    Version 10.0.10240
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
-(FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
-
                    SHS validation number 2373 DSA validation number 855 DRBG validation number 489
                    
-
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
-
                    SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
                    
-
                    Version 6.3.9600
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
-(FA: SHA256) (FB: SHA256) (FC: SHA256)]
                    
-[dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]
                    
-[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
                    
-SHS #1903 DSA validation number 687 DRBG #258
                    
-
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
-[OnePassDH(No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
                    
-[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
                    
-
                    
-SHS #1903 ECDSA validation number 341 DRBG #258
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
                    KAS (SP 800–56A)
                    
-
                    key agreement
                    
-
                    key establishment methodology provides 80 bits to 256 bits of encryption strength
                    Windows 7 and SP1, vendor-affirmed
                    
-
                    Windows Server 2008 R2 and SP1, vendor-affirmed
                    
-
-
-SP 800-108 Key-Based Key Derivation Functions (KBKDF)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
                        • 
-
                      • 
-
                    
-
                    MAC prerequisite: HMAC #3271
                    
-
                    
-
                      
-
                    • Counter Location: Before Fixed Data
                      • 
-
                    • R Length: 32 (bits)
                      • 
-
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
-
                    
-
                    
-
                    K prerequisite: DRBG #1734, KAS #150
                    Microsoft Surface Hub Virtual TPM Implementations #161
                    
-
                    Version 10.0.15063.674
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
                        • 
-
                      • 
-
                    
-
                    MAC prerequisite: HMAC #3270
                    
-
                    
-
                      
-
                    • Counter Location: Before Fixed Data
                      • 
-
                    • R Length: 32 (bits)
                      • 
-
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
-
                    
-
                    
-
                    K prerequisite: DRBG #1733, KAS #149
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
                    
-
                    Version 10.0.16299
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
-
                      • 
-
                    
-
                    MAC prerequisite: AES #4902, HMAC #3269
                    
-
                    
-
                      
-
                    • Counter Location: Before Fixed Data
                      • 
-
                    • R Length: 32 (bits)
                      • 
-
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
-
                    • K prerequisite: KAS #148
                      • 
-
                    
-
                    Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159
                    
-
                    Version 10.0.15063.674
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
-
                      • 
-
                    
-
                    MAC prerequisite: AES #4901, HMAC #3268
                    
-
                    
-
                      
-
                    • Counter Location: Before Fixed Data
                      • 
-
                    • R Length: 32 (bits)
                      • 
-
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
-
                    
-
                    
-
                    K prerequisite: KAS #147
                    Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158
                    
-
                    Version 10.0.15254
                      
-
                    • Counter:
                      • 
-
                      • 
-
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
-
                      • 
-
                    
-
                    MAC prerequisite: AES #4897, HMAC #3267
                    
-
                    
-
                      
-
                    • Counter Location: Before Fixed Data
                      • 
-
                    • R Length: 32 (bits)
                      • 
-
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
-
                    
-
                    
-
                    K prerequisite: KAS #146
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
                    
-
                    Version 10.0.16299
                    CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    
-KAS validation number 128
                    
-DRBG validation number 1556
                    
-MAC validation number 3062
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141
                    
-
                    Version 10.0.15063
                    CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    
-KAS validation number 127
                    
-AES validation number 4624
                    
-DRBG validation number 1555
                    
-MAC validation number 3061
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140
                    
-
                    Version 10.0.15063
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    KAS validation number 93 DRBG validation number 1222 MAC validation number 2661
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
                    
-
                    Version 10.0.14393
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
                    
-
                    Version 10.0.14393
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
                    
-
                    Version 10.0.10586
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
                    
-
                    Version 10.0.10240
                    CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    DRBG validation number 489 MAC validation number 1773
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
                    
-
                    Version 6.3.9600
                    CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
-
                    DRBG #258 HMAC validation number 1345
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
                    
-
-
-Random Number Generator (RNG)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                    FIPS 186-2 General Purpose
                    
-
                    [(x-Original); (SHA-1)]
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
                    FIPS 186-2
                    
-[(x-Original); (SHA-1)]
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
                    
-
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
                    
-
                    Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
                    
-
                    Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66
                    FIPS 186-2
                    
-[(x-Change Notice); (SHA-1)]
                    
-
                    FIPS 186-2 General Purpose
                    
-[(x-Change Notice); (SHA-1)]
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
                    
-
                    Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
                    
-
                    Windows Vista RNG implementation #321
                    FIPS 186-2 General Purpose
                    
-[(x-Change Notice); (SHA-1)]
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470
                    
-
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449
                    
-
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447
                    
-
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316
                    
-
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313
                    FIPS 186-2
                    
-[(x-Change Notice); (SHA-1)]
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448
                    
-
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314
                    
-
-
-#### RSA
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #2677
                    
-
                    Version 10.0.15063.674
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 240 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
                    
-
                    Version 10.0.16299
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub RSA32 Algorithm Implementations #2675
                    
-
                    Version 10.0.15063.674
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
                    
-
                    Version 10.0.16299
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673
                    
-
                    Version 10.0.15254
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Public Key Exponent: Fixed (10001)
                          • 
-
                        • Provable Primes with Conditions:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.3
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #2672
                    
-
                    Version 10.0.15063.674
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Probable Random Primes:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.2
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671
                    
-
                    Version 10.0.15063.674
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Probable Random Primes:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.2
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670
                    
-
                    Version 10.0.15254
                    RSA:
                    
-
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Public Key Exponent: Fixed (10001)
                          • 
-
                        • Provable Primes with Conditions:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.3
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669
                    
-
                    Version 10.0.15254
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Public Key Exponent: Fixed (10001)
                          • 
-
                        • Provable Primes with Conditions:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.3
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
                    
-
                    Version 10.0.16299
                      
-
                    • 186-4:
                      • 
-
                      • 
-
                      • Key Generation:
                        • 
-
                        • 
-
                        • Probable Random Primes:
                          • 
-
                          • 
-
                          • Mod lengths: 2048, 3072 (bits)
                            • 
-
                          • Primality Tests: C.2
                            • 
-
                          • 
-
                        • 
-
                      • Signature Generation PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Generation PSS:
                        • 
-
                        • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • Signature Verification PKCS1.5:
                        • 
-
                        • 
-
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
-
                        • 
-
                      • Signature Verification PSS:
                        • 
-
                        • 
-
                        • Mod 1024:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 496 (bits)
                            • 
-
                          • 
-
                        • Mod 2048:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • Mod 3072:
                          • 
-
                          • 
-
                          • SHA-1: Salt Length: 160 (bits)
                            • 
-
                          • SHA-256: Salt Length: 256 (bits)
                            • 
-
                          • SHA-384: Salt Length: 384 (bits)
                            • 
-
                          • SHA-512: Salt Length: 512 (bits)
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
                    
-
                    Version 10.0.16299
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
                    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
                    
-SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-SHA validation number 3790
                    
-DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
                    
-
                    Version 10.0.15063
                    FIPS186-4:
                    
-186-4KEY(gen):
                    
-PGM(ProbRandom:                     (2048, 3072) PPTT:(C.2)
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
                    
-
                    Version 10.0.15063
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
                    
-
                    FIPS186-4:
                    
-ALG[ANSIX9.31]                     Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
                    
-SIG(gen) with SHA-1 affirmed for use with protocols only.                     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-SHA validation number 3652
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
                    
-
                    Version 7.00.2872
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
                    
-
                    FIPS186-4:
                    
-ALG[ANSIX9.31]                     Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
                    
-SIG(gen) with SHA-1 affirmed for use with protocols only.                     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-SHA validation number 3651
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
                    
-
                    Version 8.00.6246
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 4096, SHS: SHA-256validation number  3649, SHA-384validation number  3649, SHA-512validation number  3649
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number  3649, SHA-256validation number  3649, SHA-384validation number  3649, SHA-512validation number  3649
                    
-
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-SHA validation number  3649
                    
-DRBG: validation number  1430
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
                    
-
                    Version 7.00.2872
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 4096, SHS: SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
                    
-
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
                    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-SHA validation number 3648
                    
-DRBG: validation number  1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
                    
-
                    Version 8.00.6246
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
                    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
-Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
                    
-
                    SHA validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 3346
                    soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-[RSASSA-PSS]: Sig(Gen):                     (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-
                    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
                    
-
                    Version 10.0.14393
                    FIPS186-4:
                    
-186-4KEY(gen)                    :  FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-
                    SHA validation number  3047 DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 3048
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-[RSASSA-PSS]: Sig(Gen)                    : (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-
                    SHA validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
                    
-
                    Version 10.0.10586
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-
                    SHA validation number  2886 DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 2871
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 2871
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-[RSASSA-PSS]:                     Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-
                    SHA validation number  2886
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
                    
-
                    Version 10.0.10240
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e;
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-
                    SHA validation number 2373 DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
                    
-
                    Version 6.3.9600
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 2373
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
                    
-
                    Version 6.3.9600
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5                    ] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
-SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
-
                    SHA validation number 2373
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
                    
-
                    Version 6.3.9600
                    FIPS186-4:
                    
-[RSASSA-PSS]:                     Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
- Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
-
                    SHA validation number 2373
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
                    
-
                    Version 6.3.9600
                    FIPS186-4:
                    
-ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256))
                    
-SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
                    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
-Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
                    
-SHA #1903
                    
-
                    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
                    FIPS186-4:
                    
-186-4KEY(gen):                     FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
                    
-PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
-SHA #1903 DRBG: #258                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774, SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.                    		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number  193
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773, SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.                    		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.                    		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.
                    Windows Server 2008 R2 and SP1 CNG algorithms #567
                    
-
                    Windows 7 and SP1 CNG algorithms #560
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number  23
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.                    		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.                    		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816, SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 783, SHA-384validation number 783, SHA-512validation number 783,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.
                    Windows Server 2008 CNG algorithms #358
                    
-
                    Windows Vista SP1 CNG algorithms #357
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.
                    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
                    
-
                    Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353.                    		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number  321
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.                    		Windows Vista RSA key generation implementation #258
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
-ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.                    		Windows Vista CNG algorithms #257
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.                    		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613, SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589, SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.                    		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578, SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.                    		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
                    FIPS186-2:
                    
-ALG[RSASSA-PKCS1_V1_5]:
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.                    		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
                    FIPS186-2:
                    
-ALG[ANSIX9.31]:
                    
-SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305
                    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
                    
-SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305, SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
                    
-Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.                    		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52
                    FIPS186-2:
                    
-
                    – PKCS#1 v1.5, signature generation, and verification
                    
-
                    – Mod sizes: 1024, 1536, 2048, 3072, 4096
                    
-
                    – SHS: SHA–1/256/384/512
                    Windows XP, vendor-affirmed
                    
-
                    Windows 2000, vendor-affirmed
                    
-
-
-#### Secure Hash Standard (SHS)
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • SHA-1:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-256:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-384:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-512:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011
                    
-
                    Version 10.0.15063.674
                      
-
                    • SHA-1:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-256:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-384:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-512:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010
                    
-
                    Version 10.0.15254
                      
-
                    • SHA-1:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-256:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-384:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    • SHA-512:
                      • 
-
                      • 
-
                      • Supports Empty Message
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
                    
-
                    Version 10.0.16299
                    SHA-1      (BYTE-only)
                    
-SHA-256  (BYTE-only)
                    
-SHA-384  (BYTE-only)
                    
-SHA-512  (BYTE-only)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790
                    
-
                    Version 10.0.15063
                    SHA-1      (BYTE-only)
                    
-SHA-256  (BYTE-only)
                    
-SHA-384  (BYTE-only)
                    
-SHA-512  (BYTE-only)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652
                    
-
                    Version 7.00.2872
                    SHA-1      (BYTE-only)
                    
-SHA-256  (BYTE-only)
                    
-SHA-384  (BYTE-only)
                    
-SHA-512  (BYTE-only)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651
                    
-
                    Version 8.00.6246
                    SHA-1      (BYTE-only)
                    
-SHA-256  (BYTE-only)
                    
-SHA-384  (BYTE-only)
                    
-SHA-512  (BYTE-only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649
                    
-
                    Version 7.00.2872
                    SHA-1      (BYTE-only)
                    
-SHA-256  (BYTE-only)
                    
-SHA-384  (BYTE-only)
                    
-SHA-512  (BYTE-only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648
                    
-
                    Version 8.00.6246
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
                    
-Version 10.0.14393
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
                    
-Version 10.0.14393
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
                    
-Version 10.0.10586
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
                    
-Version 10.0.10586
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
                    
-Version 10.0.10240
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
                    
-Version 10.0.10240
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
                    
-Version 6.3.9600
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
                    
-Version 6.3.9600
                    SHA-1 (BYTE-only)
                    
-
                    SHA-256 (BYTE-only)
                    
-
                    SHA-384 (BYTE-only)
                    
-
                    SHA-512 (BYTE-only)
                    
-
                    Implementation does not support zero-length (null) messages.
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903
                    
-
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774
                    
-
                    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081
                    
-
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816
                    SHA-1 (BYTE-only)
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785
                    
-
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)
                    Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753
                    
-
                    Windows Vista Symmetric Algorithm Implementation #618
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    Windows Vista BitLocker Drive Encryption #737
                    
-
                    Windows Vista Beta 2 BitLocker Drive Encryption #495
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613
                    
-
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364
                    SHA-1 (BYTE-only)
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611
                    
-
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610
                    
-
                    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385
                    
-
                    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371
                    
-
                    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181
                    
-
                    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177
                    
-
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176
                    SHA-1 (BYTE-only)
                    
-SHA-256 (BYTE-only)
                    
-SHA-384 (BYTE-only)
                    
-SHA-512 (BYTE-only)
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589
                    
-
                    Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578
                    
-
                    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305
                    SHA-1 (BYTE-only)
                    Windows XP Microsoft Enhanced Cryptographic Provider #83
                    
-
                    Crypto Driver for Windows 2000 (fips.sys) #35
                    
-
                    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32
                    
-
                    Windows 2000 RSAENH.DLL #24
                    
-
                    Windows 2000 RSABASE.DLL #23
                    
-
                    Windows NT 4 SP6 RSAENH.DLL #21
                    
-
                    Windows NT 4 SP6 RSABASE.DLL #20
                    
-
-
-#### Triple DES
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
-
                    • TDES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB64:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558
                    
-
                    Version 10.0.15063.674
                      
-
                    • TDES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB64:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557
                    
-
                    Version 10.0.15254
                      
-
                    • TDES-CBC:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB64:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-CFB8:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    • TDES-ECB:
                      • 
-
                      • 
-
                      • Modes: Decrypt, Encrypt
                        • 
-
                      • Keying Option: 1
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
                    
-
                    Version 10.0.16299
                    TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
                    
-
                    Version 10.0.15063
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
                    
-
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
                    
-
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d);
                    
-
                    CTR (int only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
                    
-
                    Version 7.00.2872
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
                    
-
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d);
                    
-
                    TCFB8(KO 1 e/d);
                    
-
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
                    
-
                    
-
                    
-
                    Version 10.0.14393
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d);
                    
-
                    TCFB8(KO 1 e/d);
                    
-
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
                    
-
                    
-
                    
-
                    Version 10.0.10586
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d);
                    
-
                    TCFB8(KO 1 e/d);
                    
-
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
                    
-
                    
-
                    
-
                    Version 10.0.10240
                    TECB(KO 1 e/d);
                    
-
                    TCBC(KO 1 e/d);
                    
-
                    TCFB8(KO 1 e/d);
                    
-
                    TCFB64(KO 1 e/d)
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
                    
-
                    Version 6.3.9600
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2);
                    
-
                    TCFB8(e/d; KO 1, 2);
                    
-
                    TCFB64(e/d; KO 1, 2)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2);
                    
-
                    TCFB8(e/d; KO 1, 2)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2);
                    
-
                    TCFB8(e/d; KO 1, 2)
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2);
                    
-
                    TCFB8(e/d; KO 1, 2)
                    		Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2);
                    
-
                    TCFB8(e/d; KO 1, 2)
                    		Windows Vista Symmetric Algorithm Implementation #549
                    Triple DES MAC
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed
                    
-
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed
                    TECB(e/d; KO 1, 2);
                    
-
                    TCBC(e/d; KO 1, 2)
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
                    
-
                    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
                    
-
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
                    
-
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677
                    
-
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676
                    
-
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675
                    
-
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544
                    
-
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543
                    
-
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542
                    
-
                    Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526
                    
-
                    Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517
                    
-
                    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381
                    
-
                    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370
                    
-
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365
                    
-
                    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315
                    
-
                    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201
                    
-
                    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199
                    
-
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192
                    
-
                    Windows XP Microsoft Enhanced Cryptographic Provider #81
                    
-
                    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18
                    
-
                    Crypto Driver for Windows 2000 (fips.sys) #16
                    
-
-
-#### SP 800-132 Password-Based Key Derivation Function (PBKDF)
-
-
-  
-    
-    
-  
-  
-    
-    
-  
-  
-    
-    
-  
-
                    
-      Modes / States / Key Sizes
-    
-      Algorithm Implementation and Certificate #
-    
                    
-      PBKDF (vendor affirmed)
-      
                     Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
                    (Software Version: 10.0.14393)
                    
-      
                    Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
                    (Software Version: 10.0.14393)
                    
-      
                    Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
                    (Software Version: 10.0.14393)
                    
-      
                    Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
                    (Software Version: 10.0.14393)
                    
-    
                    
-      PBKDF (vendor affirmed)
-      
                    Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
                    (Software Version: 10.0.14393)
                    
-      
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed
                    
-    
                    
-
-
-#### Component Validation List
-
-
----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                    



                    Publication / Component Validated / DescriptionImplementation and Certificate #
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540
                    
-
                    Version 6.3.9600
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Microsoft Surface Hub Virtual TPM Implementations #1519
                    
-
                    Version 10.0.15063.674
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
                    
-
                    Version 10.0.16299
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1517
                    
-
                    Version 10.0.15063.674
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1516
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                     Prerequisite: DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1515
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514
                    
-
                    Version 10.0.15063.674
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513
                    
-
                    Version 10.0.15063.674
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512
                    
-
                    Version 10.0.15063.674
                      
-
                    • IKEv1:
                      • 
-
                      • 
-
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
-
                      • Pre-shared Key Length: 64-2048
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, HMAC #3269
                    
-
                      
-
                    • IKEv2:
                      • 
-
                      • 
-
                      • Derived Keying Material length: 192-1792
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, HMAC #3269
                    
-
                      
-
                    • TLS:
                      • 
-
                      • 
-
                      • Supports TLS 1.0/1.1
                        • 
-
                      • Supports TLS 1.2:
                        • 
-
                        • 
-
                        • SHA Functions: SHA-256, SHA-384
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4011, HMAC #3269
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511
                    
-
                    Version 10.0.15063.674
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510
                    
-
                    Version 10.0.15254
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509
                    
-
                    Version 10.0.15254
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508
                    
-
                    Version 10.0.15254
                      
-
                    • IKEv1:
                      • 
-
                      • 
-
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
-
                      • Pre-shared Key Length: 64-2048
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, HMAC #3268
                    
-
                      
-
                    • IKEv2:
                      • 
-
                      • 
-
                      • Derived Keying Material length: 192-1792
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, HMAC #3268
                    
-
                      
-
                    • TLS:
                      • 
-
                      • 
-
                      • Supports TLS 1.0/1.1
                        • 
-
                      • Supports TLS 1.2:
                        • 
-
                        • 
-
                        • SHA Functions: SHA-256, SHA-384
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4010, HMAC #3268
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507
                    
-
                    Version 10.0.15254
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506
                    
-
                    Version 10.0.15254
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505
                    
-
                    Version 10.0.15254
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504
                    
-
                    Version 10.0.15254
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
                    
-
                    Version 10.0.16299
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
                    
-
                    Version 10.0.16299
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
                    
-
                    Version 10.0.16299
                      
-
                    • ECDSA SigGen:
                      • 
-
                      • 
-
                      • P-256 SHA: SHA-256
                        • 
-
                      • P-384 SHA: SHA-384
                        • 
-
                      • P-521 SHA: SHA-512
                        • 
-
                      • 
-
                    
-
                    Prerequisite: DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
                    
-
                    Version 10.0.16299
                      
-
                    • RSADP:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
                    
-
                    Version 10.0.16299
                    
-
                     
                      
-
                    • RSASP1:
                      • 
-
                      • 
-
                      • Modulus Size: 2048 (bits)
                        • 
-
                      • Padding Algorithms: PKCS 1.5
                        • 
-
                      • 
-
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497
                    
-
                    Version 10.0.16299
                      
-
                    • IKEv1:
                      • 
-
                      • 
-
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
-
                      • Pre-shared Key Length: 64-2048
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, HMAC #3267
                    
-
                      
-
                    • IKEv2:
                      • 
-
                      • 
-
                      • Derived Keying Material length: 192-1792
                        • 
-
                      • Diffie-Hellman shared secrets:
                        • 
-
                        • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 2048 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 256 (bits)
                            • 
-
                          • SHA Functions: SHA-256
                            • 
-
                          • 
-
                        • Diffie-Hellman shared secret:
                          • 
-
                          • 
-
                          • Length: 384 (bits)
                            • 
-
                          • SHA Functions: SHA-384
                            • 
-
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, HMAC #3267
                    
-
                      
-
                    • TLS:
                      • 
-
                      • 
-
                      • Supports TLS 1.0/1.1
                        • 
-
                      • Supports TLS 1.2:
                        • 
-
                        • 
-
                        • SHA Functions: SHA-256, SHA-384
                          • 
-
                        • 
-
                      • 
-
                    
-
                    Prerequisite: SHS #4009, HMAC #3267
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
                    
-
                    Version 10.0.16299
                    FIPS186-4 ECDSA
                    
-
                    Signature Generation of hash sized messages
                    
-
                    ECDSA SigGen Component: CURVES(P-256 P-384 P-521)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
                    
-Version 10.0. 15063
                    
-
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
                    
-Version 10.0. 15063
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
                    
-Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
                    
-Version 10.0.10586
                    
-
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
                    
-Version 6.3.9600
                    FIPS186-4 RSA; PKCS#1 v2.1
                    
-
                    RSASP1 Signature Primitive
                    
-
                    RSASP1: (Mod2048: PKCS1.5 PKCSPSS)
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
                    
-Version 10.0.15063
                    
-
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
                    
-Version 10.0.15063
                    
-
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
                    
-Version 10.0.15063
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
                    
-Version 10.0.10586
                    
-
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
                    
-Version  10.0.10240
                    
-
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
                    
-Version 6.3.9600
                    FIPS186-4 RSA; RSADP
                    
-
                    RSADP Primitive
                    
-
                    RSADP: (Mod2048)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
                    
-Version 10.0.15063
                    
-
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
                    
-Version 10.0.15063
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
                    
-Version 10.0.10586
                    
-
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
                    
-Version  10.0.10240
                    SP800-135
                    
-
                    Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
                    
-
                    Version 10.0.16299
                    
-
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
                    
-Version 10.0.15063
                    
-
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
                    
-Version 7.00.2872
                    
-
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
                    
-Version 8.00.6246
                    
-
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
                    
-Version 10.0.14393
                    
-
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
                    
-Version 10.0.10586
                    
-
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
                    
-Version  10.0.10240
                    
-
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
                    
-Version 6.3.9600
                    
-
-## Contact
-
-fips@microsoft.com
-
-## References
-
-* [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf))
-* [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)
-* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)
+---
+title: Federal Information Processing Standard (FIPS) 140 Validation
+description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
+ms.prod: m365-security
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection: M365-identity-device-management
+ms.topic: article
+ms.localizationpriority: medium
+ms.reviewer: 
+ms.technology: windows-sec
+---
+
+# FIPS 140-2 Validation
+
+## FIPS 140-2 standard overview
+
+The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.
+
+The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
+
+## Microsoft’s approach to FIPS 140-2 validation
+
+Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.  Microsoft validates its cryptographic modules under the NIST CMVP, as described above.  Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
+
+## Using Windows in a FIPS 140-2 approved mode of operation
+
+Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly.
+
+The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library.
+
+US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography.
+
+Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
+
+### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
+
+Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated.  Tables listing validated modules, organized by operating system release, are available later in this article.
+
+### Step 2: Ensure all security policies for all cryptographic modules are followed
+
+Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode.  The security policy may be found in each module’s published Security Policy Document (SPD).  The SPDs for each module may be found in the table of validated modules at the end of this article.  Select the module version number to view the published SPD for the module. 
+
+### Step 3: Enable the FIPS security policy
+
+Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode.  When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode.  This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](./security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).  
+
+### Step 4: Ensure that only FIPS validated cryptographic algorithms are used
+
+FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant.
+
+In short, an application or service is running in FIPS mode if it:
+
+* Checks for the policy flag
+* Enforces security policies of validated modules
+
+## Frequently asked questions
+
+### How long does it take to certify a cryptographic module?
+
+Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.
+
+### When does Microsoft undertake a FIPS 140 validation?
+
+The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server.  As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.  
+
+### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*?
+
+*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
+
+### How do I know if a Windows service or application is FIPS 140-2 validated?
+
+The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions.  Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode.  Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
+
+### What does *When operated in FIPS mode* mean on a certificate?
+
+This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
+
+### What is the relationship between FIPS 140-2 and Common Criteria?
+
+FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
+
+### How does FIPS 140 relate to Suite B?
+
+Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard.
+
+### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows?
+
+SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server.  In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.
+
+## Microsoft FIPS 140-2 validated cryptographic modules
+
+The following tables identify the cryptographic modules used in an operating system, organized by release.
+
+## Modules used by Windows
+
+##### Windows 10 Fall 2018 Update (Version 1809)
+
+Validated Editions: Home, Pro, Enterprise, Education
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
                    Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows 10 Spring 2018 Update (Version 1803)
+
+Validated Editions: Home, Pro, Enterprise, Education
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows 10 Fall Creators Update (Version 1709)
+
+Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
                    Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows 10 Creators Update (Version 1703)
+
+Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
+
+
++
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    




                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.15063#3095
                    FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.15063#3094
                    #3094
                    
+
                    FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)
                    Boot Manager10.0.15063#3089
                    FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)
                    
+
                    Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)
                    Windows OS Loader10.0.15063#3090
                    FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
                    
+
                    Other algorithms: NDRNG
                    Windows Resume[1]10.0.15063#3091FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
                    BitLocker® Dump Filter[2]10.0.15063#3092FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
                    Code Integrity (ci.dll)10.0.15063#3093
                    FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
                    Secure Kernel Code Integrity (skci.dll)[3]10.0.15063#3096
                    FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)
                    
+
+
+\[1\] Applies only to Home, Pro, Enterprise, Education, and S.
+
+\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub
+
+\[3\] Applies only to Pro, Enterprise, Education, and S
+
+##### Windows 10 Anniversary Update (Version 1607)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.14393#2937
                    FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.14393#2936
                    FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)
                    Boot Manager10.0.14393#2931
                    FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
                    BitLocker® Windows OS Loader (winload)10.0.14393#2932FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: NDRNG; MD5
                    BitLocker® Windows Resume (winresume)[1]10.0.14393#2933FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[2]10.0.14393#2934FIPS approved algorithms: AES (Certs. #4061 and #4064)
                    Code Integrity (ci.dll)10.0.14393#2935
                    FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: AES (non-compliant); MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
                    Secure Kernel Code Integrity (skci.dll)[3]10.0.14393#2938
                    FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
                    
+
                    
+Other algorithms: MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)
                    
+
+
+\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
+
+\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile
+
+\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB
+
+##### Windows 10 November 2015 Update (Version 1511)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10586#2606
                    FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
                    
+
                    
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10586#2605
                    FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
                    
+
                    
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)
                    Boot Manager[4]10.0.10586#2700FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
                    
+
                    
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)[5]10.0.10586#2701FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
                    
+
                    
+Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[6]10.0.10586#2702FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[7]10.0.10586#2703FIPS approved algorithms: AES (Certs. #3653)
                    Code Integrity (ci.dll)10.0.10586#2604
                    FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
                    
+
                    
+Other algorithms: AES (non-compliant); MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
                    Secure Kernel Code Integrity (skci.dll)[8]10.0.10586#2607
                    FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
                    
+
                    
+Other algorithms: MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)
                    
+
+
+\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
+
+\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
+
+\[6\] Applies only to Home, Pro, and Enterprise
+
+\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub
+
+\[8\] Applies only to Enterprise and Enterprise LTSB
+
+##### Windows 10 (Version 1507)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10240#2606
                    FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
                    
+
                    
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10240#2605
                    FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
                    
+
                    
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)
                    Boot Manager[9]10.0.10240#2600FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
                    
+
                    
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)[10]10.0.10240#2601FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
                    
+
                    
+Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[11]10.0.10240#2602FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[12]10.0.10240#2603FIPS approved algorithms: AES (Certs. #3497 and #3498)
                    Code Integrity (ci.dll)10.0.10240#2604
                    FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
                    
+
                    
+Other algorithms: AES (non-compliant); MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
                    Secure Kernel Code Integrity (skci.dll)[13]10.0.10240#2607
                    FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
                    
+
                    
+Other algorithms: MD5
                    
+
                    Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)
                    
+
+
+\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
+
+\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
+
+\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
+
+\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB
+
+\[13\] Applies only to Enterprise and Enterprise LTSB
+
+##### Windows 8.1
+
+Validated Editions: RT, Pro, Enterprise, Phone, Embedded
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.17031#2357
                    FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
                    
+
                    
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.17042#2356
                    FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
                    
+
                    
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    
+
                    Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
                    Boot Manager6.3.9600 6.3.9600.17031#2351FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
+
                    
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.17031#2352FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
                    
+
                    
+Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[14]6.3.9600 6.3.9600.17031#2353FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)6.3.9600 6.3.9600.17031#2354FIPS approved algorithms: AES (Cert. #2832)
                    
+
                    
+Other algorithms: N/A
                    Code Integrity (ci.dll)6.3.9600 6.3.9600.17031#2355#2355
                    FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
                    
+
                    
+Other algorithms: MD5
                    
+
                    Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)
                    
+
+
+\[14\] Applies only to Pro, Enterprise, and Embedded 8.
+
+##### Windows 8
+
+Validated Editions: RT, Home, Pro, Enterprise, Phone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.9200#1892FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
+
                    
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.9200#1891FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
+
                    
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.2.9200#1895FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Windows OS Loader (WINLOAD)6.2.9200#1896FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
                    BitLocker® Windows Resume (WINRESUME)[15]6.2.9200#1898FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (DUMPFVE.SYS)6.2.9200#1899FIPS approved algorithms: AES (Certs. #2196 and #2198)
                    
+
                    
+Other algorithms: N/A
                    Code Integrity (CI.DLL)6.2.9200#1897FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.9200#1893FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.2.9200#1894FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
                    
+
                    
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
+
+
+\[15\] Applies only to Home and Pro
+
+**Windows 7**
+
+Validated Editions: Windows 7, Windows 7 SP1
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
                    6.1.7600.16385
                    
+
                    6.1.7601.17514
                    		1329FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
+
                    
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Kernel Mode Cryptographic Primitives Library (cng.sys)
                    6.1.7600.16385
                    
+
                    6.1.7600.16915
                    
+
                    6.1.7600.21092
                    
+
                    6.1.7601.17514
                    
+
                    6.1.7601.17725
                    
+
                    6.1.7601.17919
                    
+
                    6.1.7601.21861
                    
+
                    6.1.7601.22076
                    		1328FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
+
                    
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Boot Manager
                    6.1.7600.16385
                    
+
                    6.1.7601.17514
                    		1319FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
                    
+
                    
+Other algorithms: MD5
                    Winload OS Loader (winload.exe)
                    6.1.7600.16385
                    
+
                    6.1.7600.16757
                    
+
                    6.1.7600.20897
                    
+
                    6.1.7600.20916
                    
+
                    6.1.7601.17514
                    
+
                    6.1.7601.17556
                    
+
                    6.1.7601.21655
                    
+
                    6.1.7601.21675
                    		1326FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5
                    BitLocker™ Drive Encryption
                    6.1.7600.16385
                    
+
                    6.1.7600.16429
                    
+
                    6.1.7600.16757
                    
+
                    6.1.7600.20536
                    
+
                    6.1.7600.20873
                    
+
                    6.1.7600.20897
                    
+
                    6.1.7600.20916
                    
+
                    6.1.7601.17514
                    
+
                    6.1.7601.17556
                    
+
                    6.1.7601.21634
                    
+
                    6.1.7601.21655
                    
+
                    6.1.7601.21675
                    		1332FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: Elephant Diffuser
                    Code Integrity (CI.DLL)
                    6.1.7600.16385
                    
+
                    6.1.7600.17122
                    
+
                    6.1.7600.21320
                    
+
                    6.1.7601.17514
                    
+
                    6.1.7601.17950
                    
+
                    6.1.7601.22108
                    		1327FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.1.7600.16385
                    
+(no change in SP1)                    		1331FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.1.7600.16385
                    
+(no change in SP1)                    		1330FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
                    
+
                    
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
+
+
+##### Windows Vista SP1
+
+Validated Editions: Ultimate Edition
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.0.6001.18000 and 6.0.6002.18005978FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
                    Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596979FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
                    
+
                    
+Other algorithms: MD5
                    Code Integrity (ci.dll)6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005980FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
                    
+
                    
+Other algorithms: MD5
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228691000
                    FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228721001
                    FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
+
                    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180051002
                    FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
+
                    Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180051003
                    FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
                    
+
                    Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    
+
+
+##### Windows Vista
+
+Validated Editions: Ultimate Edition
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider (RSAENH)6.0.6000.16386893FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
                    
+
                    
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6000.16386894FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    BitLocker™ Drive Encryption6.0.6000.16386947FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
                    
+
                    
+Other algorithms: Elephant Diffuser
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067891FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
                    
+
                    
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
                    
+
+
+##### Windows XP SP3
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.1.2600.5512997
                    FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
                    
+
                    Other algorithms: DES; MD5; HMAC MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.1.2600.5507990
                    FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
                    
+
                    Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4
                    Enhanced Cryptographic Provider (RSAENH)5.1.2600.5507989
                    FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
                    
+
                    Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)
                    
+
+
+##### Windows XP SP2
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    DSS/Diffie-Hellman Enhanced Cryptographic Provider5.1.2600.2133240
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
                    
+
                    Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)
                    Microsoft Enhanced Cryptographic Provider5.1.2600.2161238
                    FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
                    
+
                    Other algorithms: DES (Cert. #156); RC2; RC4; MD5
                    
+
+
+##### Windows XP SP1
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Microsoft Enhanced Cryptographic Provider5.1.2600.1029238
                    FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
                    
+
                    Other algorithms: DES (Cert. #156); RC2; RC4; MD5
                    
+
+
+##### Windows XP
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module5.1.2600.0241
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
                    
+
                    Other algorithms: DES (Cert. #89)
                    
+
+
+##### Windows 2000 SP3
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106
                    FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
                    
+
                    Other algorithms: DES (Certs. #89)
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS: 5.0.2195.3665 [SP3])
                    
+
                    (Base: 5.0.2195.3839 [SP3])
                    
+
                    (DSS/DH Enh: 5.0.2195.3665 [SP3])
                    
+
                    (Enh: 5.0.2195.3839 [SP3]
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
+
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
+
+
+##### Windows 2000 SP2
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106
                    FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)
                    
+
                    Other algorithms: DES (Certs. #89)
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS:
                    
+
                    5.0.2195.2228 [SP2])
                    
+
                    (Base:
                    
+
                    5.0.2195.2228 [SP2])
                    
+
                    (DSS/DH Enh:
                    
+
                    5.0.2195.2228 [SP2])
                    
+
                    (Enh:
                    
+
                    5.0.2195.2228 [SP2])
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
+
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
+
+
+##### Windows 2000 SP1
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
                    (Base DSS: 5.0.2150.1391 [SP1])
                    
+
                    (Base: 5.0.2150.1391 [SP1])
                    
+
                    (DSS/DH Enh: 5.0.2150.1391 [SP1])
                    
+
                    (Enh: 5.0.2150.1391 [SP1])
                    		103
                    FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)
                    
+
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5
                    
+
+
+##### Windows 2000
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.2150.176
                    FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
                    
+
                    Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
+
+
+##### Windows 95 and Windows 98
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.1877.6 and 5.0.1877.775
                    FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
                    
+
                    Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
+
+
+##### Windows NT 4.0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Base Cryptographic Provider5.0.1877.6 and 5.0.1877.768FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
                    
+
                    
+Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
                    
+
+## Modules used by Windows Server
+
+##### Windows Server 2019 (Version 1809)
+
+Validated Editions: Standard, Datacenter
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
                    Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows Server (Version 1803)
+
+Validated Editions: Standard, Datacenter
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.17134#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.17134#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.17134#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.17134#3480See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.17134#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.17134#3092See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.17134#3089See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows Server (Version 1709)
+
+Validated Editions: Standard, Datacenter
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library10.0.16299#3197See Security Policy and Certificate page for algorithm information
                    Kernel Mode Cryptographic Primitives Library10.0.16299#3196See Security Policy and Certificate page for algorithm information
                    Code Integrity10.0.16299#3195See Security Policy and Certificate page for algorithm information
                    Windows OS Loader10.0.16299#3194See Security Policy and Certificate page for algorithm information
                    Secure Kernel Code Integrity10.0.16299#3096See Security Policy and Certificate page for algorithm information
                    BitLocker Dump Filter10.0.16299#3092See Security Policy and Certificate page for algorithm information
                    Windows Resume10.0.16299#3091See Security Policy and Certificate page for algorithm information
                    Boot Manager10.0.16299#3089See Security Policy and Certificate page for algorithm information
                    
+
+##### Windows Server 2016
+
+Validated Editions: Standard, Datacenter, Storage Server
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.143932937FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.143932936FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
                    
+
                    
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager10.0.143932931
                    FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
                    BitLocker® Windows OS Loader (winload)10.0.143932932FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: NDRNG; MD5
                    BitLocker® Windows Resume (winresume)10.0.143932933FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)10.0.143932934FIPS approved algorithms: AES (Certs. #4061 and #4064)
                    Code Integrity (ci.dll)10.0.143932935FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
                    
+
                    
+Other algorithms: AES (non-compliant); MD5
                    Secure Kernel Code Integrity (skci.dll)10.0.143932938FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
                    
+
                    
+Other algorithms: MD5
                    
+
+
+##### Windows Server 2012 R2
+
+Validated Editions: Server, Storage Server,
+
+**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.170312357FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
                    
+
                    
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.170422356FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
                    
+
                    
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.3.9600 6.3.9600.170312351FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
+
                    
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
                    BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.170312352FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
                    
+
                    
+Other algorithms: MD5; NDRNG
                    BitLocker® Windows Resume (winresume)[16]6.3.9600 6.3.9600.170312353FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (dumpfve.sys)[17]6.3.9600 6.3.9600.170312354FIPS approved algorithms: AES (Cert. #2832)
                    
+
                    
+Other algorithms: N/A
                    Code Integrity (ci.dll)6.3.9600 6.3.9600.170312355FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
                    
+
                    
+Other algorithms: MD5
                    
+
+
+\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+**Windows Server 2012**
+
+Validated Editions: Server, Storage Server
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.92001892FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
+
                    
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.92001891FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
                    
+
                    
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
                    Boot Manager6.2.92001895FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Windows OS Loader (WINLOAD)6.2.92001896FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
                    BitLocker® Windows Resume (WINRESUME)6.2.92001898FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    BitLocker® Dump Filter (DUMPFVE.SYS)6.2.92001899FIPS approved algorithms: AES (Certs. #2196 and #2198)
                    
+
                    
+Other algorithms: N/A
                    Code Integrity (CI.DLL)6.2.92001897FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
                    
+
                    
+Other algorithms: MD5
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.92001893FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced Cryptographic Provider (RSAENH.DLL)6.2.92001894FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
                    
+
                    
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
+
+
+##### Windows Server 2008 R2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.1.7600.16385 or 6.1.7601.175141321FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5
                    Winload OS Loader (winload.exe)6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216751333FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5
                    Code Integrity (ci.dll)6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221081334FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: MD5
                    Kernel Mode Cryptographic Primitives Library (cng.sys)6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220761335FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
+
                    
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
                    Cryptographic Primitives Library (bcryptprimitives.dll)66.1.7600.16385 or 6.1.7601.175141336FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
                    
+
                    
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
                    Enhanced Cryptographic Provider (RSAENH)6.1.7600.163851337FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
                    
+
                    
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.1.7600.163851338FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
                    
+
                    
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
                    BitLocker™ Drive Encryption6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216751339FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
                    
+
                    
+Other algorithms: Elephant Diffuser
                    
+
+
+##### Windows Server 2008
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Boot Manager (bootmgr)6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224971004FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
                    
+
                    
+Other algorithms: N/A
                    Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225961005FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
                    
+
                    
+Other algorithms: MD5
                    Code Integrity (ci.dll)6.0.6001.18000 and 6.0.6002.180051006FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
                    
+
                    
+Other algorithms: MD5
                    Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228691007FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
+
                    
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
                    
+
                    
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228721008FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
+
                    
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180051009FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
                    
+
                    
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
                    Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180051010FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
                    
+
                    
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
+
+
+##### Windows Server 2003 SP2
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.3959875
                    FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
                    
+
                    Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.3959869
                    FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
                    
+
                    Other algorithms: DES; HMAC-MD5
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.3959868
                    FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
                    
+
                    Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
                    
+
+
+##### Windows Server 2003 SP1
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.1830 [SP1]405
                    FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
                    
+
                    Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.1830 [Service Pack 1])382
                    FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
                    
+
                    Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.1830 [Service Pack 1]381
                    FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
                    
+
                    Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    
+
+
+##### Windows Server 2003
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.0405
                    FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
                    
+
                    Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    Enhanced Cryptographic Provider (RSAENH)5.2.3790.0382
                    FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
                    
+
                    Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.0381
                    FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
                    
+
                    Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
                    
+
                    [1] x86
                    
+[2] SP1 x86, x64, IA64
                    
+
+
+#### Other Products
+
+##### Windows Embedded Compact 7 and Windows Embedded Compact 8
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider7.00.2872 [1] and 8.00.6246 [2]2957
                    FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)
                    
+
                    Allowed algorithms: HMAC-MD5, MD5, NDRNG
                    Cryptographic Primitives Library (bcrypt.dll)7.00.2872 [1] and 8.00.6246 [2]2956
                    FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)
                    
+
                    Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength
                    
+
+
+
+##### Windows CE 6.0 and Windows Embedded Compact 7
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Enhanced Cryptographic Provider6.00.1937 [1] and 7.00.1687 [2]825
                    FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
                    
+
                    Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES
                    
+
+
+##### Outlook Cryptographic Provider
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    





                    Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
                    Outlook Cryptographic Provider (EXCHCSP)SR-1A (3821)110
                    FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
                    
+
                    Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5
                    
+
+ 
+
+### Cryptographic Algorithms
+
+The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
+
+### Advanced Encryption Standard (AES)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • AES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CFB128:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CTR:
                      • 
+
                      • 
+
                      • Counter Source: Internal
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-OFB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    Microsoft Surface Hub Virtual TPM Implementations #4904
                    
+
                    Version 10.0.15063.674
                      
+
                    • AES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CFB128:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CTR:
                      • 
+
                      • 
+
                      • Counter Source: Internal
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-OFB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903
                    
+
                    Version 10.0.16299
                      
+
                    • AES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CCM:
                      • 
+
                      • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
+
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
+
                      • Plain Text Length: 0-32
                        • 
+
                      • Additional authenticated data length: 0-65536
                        • 
+
                      • 
+
                    • AES-CFB128:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CMAC:
                      • 
+
                      • 
+
                      • Generation:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • Verification:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    • AES-CTR:
                      • 
+
                      • 
+
                      • Counter Source: Internal
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-GCM:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
+
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • 96 bit IV supported
                        • 
+
                      • 
+
                    • AES-XTS:
                      • 
+
                      • 
+
                      • Key Size: 128:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • Key Size: 256:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • 
+
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902
                    
+
                    Version 10.0.15063.674
                      
+
                    • AES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CCM:
                      • 
+
                      • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
+
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
+
                      • Plain Text Length: 0-32
                        • 
+
                      • Additional authenticated data length: 0-65536
                        • 
+
                      • 
+
                    • AES-CFB128:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CMAC:
                      • 
+
                      • 
+
                      • Generation:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • Verification:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    • AES-CTR:
                      • 
+
                      • 
+
                      • Counter Source: Internal
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-GCM:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
+
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • 96 bit IV supported
                        • 
+
                      • 
+
                    • AES-XTS:
                      • 
+
                      • 
+
                      • Key Size: 128:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • Key Size: 256:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901
                    
+
                    Version 10.0.15254
                      
+
                    • AES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CCM:
                      • 
+
                      • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
                        • 
+
                      • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
                        • 
+
                      • Plain Text Length: 0-32
                        • 
+
                      • Additional authenticated data length: 0-65536
                        • 
+
                      • 
+
                    • AES-CFB128:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-CMAC:
                      • 
+
                      • 
+
                      • Generation:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • Verification:
                        • 
+
                        • 
+
                        • AES-128:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-192:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • AES-256:
                          • 
+
                          • 
+
                          • Block Sizes: Full, Partial
                            • 
+
                          • Message Length: 0-65536
                            • 
+
                          • Tag Length: 16-16
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    • AES-CTR:
                      • 
+
                      • 
+
                      • Counter Source: Internal
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • 
+
                    • AES-GCM:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • IV Generation: External
                        • 
+
                      • Key Lengths: 128, 192, 256 (bits)
                        • 
+
                      • Tag Lengths: 96, 104, 112, 120, 128 (bits)
                        • 
+
                      • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
                        • 
+
                      • 96 bit IV supported
                        • 
+
                      • 
+
                    • AES-XTS:
                      • 
+
                      • 
+
                      • Key Size: 128:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • Key Size: 256:
                        • 
+
                        • 
+
                        • Modes: Decrypt, Encrypt
                          • 
+
                        • Block Sizes: Full
                          • 
+
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897
                    
+
                    Version 10.0.16299
                    AES-KW:
                    
+
                      
+
                    • Modes: Decrypt, Encrypt
                      • 
+
                    • CIPHK transformation direction: Forward
                      • 
+
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
+
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
+
                    
+
                    AES validation number 4902
                    Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900
                    
+
                    Version 10.0.15063.674
                    AES-KW:
                    
+
                      
+
                    • Modes: Decrypt, Encrypt
                      • 
+
                    • CIPHK transformation direction: Forward
                      • 
+
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
+
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
+
                    
+
                    AES validation number 4901
                    Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899
                    
+
                    Version 10.0.15254
                    AES-KW:
                    
+
                      
+
                    • Modes: Decrypt, Encrypt
                      • 
+
                    • CIPHK transformation direction: Forward
                      • 
+
                    • Key Lengths: 128, 192, 256 (bits)
                      • 
+
                    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
                      • 
+
                    
+
                    AES validation number 4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
                    
+
                    Version 10.0.16299
                    AES-CCM:
                    
+
                      
+
                    • Key Lengths: 256 (bits)
                      • 
+
                    • Tag Lengths: 128 (bits)
                      • 
+
                    • IV Lengths: 96 (bits)
                      • 
+
                    • Plain Text Length: 0-32
                      • 
+
                    • Additional authenticated data length: 0-65536
                      • 
+
                    
+
                    AES validation number 4902
                    Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
                    
+
                    Version 10.0.15063.674
                    AES-CCM:
                    
+
                      
+
                    • Key Lengths: 256 (bits)
                      • 
+
                    • Tag Lengths: 128 (bits)
                      • 
+
                    • IV Lengths: 96 (bits)
                      • 
+
                    • Plain Text Length: 0-32
                      • 
+
                    • Additional authenticated data length: 0-65536
                      • 
+
                    
+
                    AES validation number 4901
                    Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
                    
+
                    Version 10.0.15254
                    AES-CCM:
                    
+
                      
+
                    • Key Lengths: 256 (bits)
                      • 
+
                    • Tag Lengths: 128 (bits)
                      • 
+
                    • IV Lengths: 96 (bits)
                      • 
+
                    • Plain Text Length: 0-32
                      • 
+
                    • Additional authenticated data length: 0-65536
                      • 
+
                    
+
                    AES validation number 4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
                    
+
                    Version 10.0.16299
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB128 (e/d; 128, 192, 256);
                    
+
                    OFB (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627
                    
+
                    Version 10.0.15063
                    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
+
                    AES validation number 4624
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
                    
+
                    Version 10.0.15063
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 4624
                    
+
                     
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
                    
+
                    Version 10.0.15063
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                    CFB128 (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    
+
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
                    
+
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+
                    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+
                    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported
                    
+
                    GMAC supported
                    
+
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
                    
+
                    Version 10.0.15063
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
                    
+
                    Version 7.00.2872
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
                    
+
                    Version 8.00.6246
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
                    
+
                    Version 7.00.2872
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
                    
+
                    Version 8.00.6246
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB128 (e/d; 128, 192, 256);
                    
+
                    OFB (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
                    
+
                    Version 10.0.14393
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
+
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
+
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
                    
+GMAC supported
                    
+
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
                    
+
                    Version 10.0.14393
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
                    
+Version 10.0.14393
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)
                    
+
                    AES validation number 4064
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
                    
+
                    Version 10.0.14393
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 4064
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
                    
+
                    Version 10.0.14393
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
+
                    AES validation number 3629
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
                    
+
                    Version 10.0.10586
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 3629
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
                    
+
                    Version 10.0.10586
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
                    
+Version 10.0.10586
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
+
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
+
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
                    
+GMAC supported
                    
+
                    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
                    
+
                    
+
                    
+
                    Version 10.0.10586
                    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
                    
+
                    AES validation number 3497
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
                    
+
                    Version 10.0.10240
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 3497
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
                    
+
                    Version 10.0.10240
                    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
                    
+
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+
                    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
+
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported
                    
+GMAC supported
                    
+
                    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
                    
+Version 10.0.10240
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
                    
+Version 10.0.10240
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
                    
+
                    Version 6.3.9600
                    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 2832
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848
                    
+
                    Version 6.3.9600
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+
                    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
                    
+
                    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+
                    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+
                    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;
                    
+OtherIVLen_Supported
                    
+GMAC supported
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
                    
+
                    Version 6.3.9600
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+AES validation number 2197
                    
+
                    CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
                    
+AES validation number 2197
                    
+
                    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
                    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
                    
+IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
                    
+GMAC supported
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
                    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
                    
+
                    AES validation number 2196
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                    CFB128 (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    
+AES validation number 1168
                    Windows Server 2008 R2 and SP1 CNG algorithms #1187
                    
+
                    Windows 7 Ultimate and SP1 CNG algorithms #1178
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
                    
+AES validation number 1168                    		Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    
+
                     
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168
                    GCM
                    
+
                    GMAC
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
                    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
                    Windows Server 2008 CNG algorithms #757
                    
+
                    Windows Vista Ultimate SP1 CNG algorithms #756
                    CBC (e/d; 128, 256);
                    
+
                    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
                    Windows Vista Ultimate BitLocker Drive Encryption #715
                    
+
                    Windows Vista Ultimate BitLocker Drive Encryption #424
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CFB8 (e/d; 128, 192, 256);
                    Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739
                    
+
                    Windows Vista Symmetric Algorithm Implementation #553
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    
+
                    CTR (int only; 128, 192, 256)
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023
                    ECB (e/d; 128, 192, 256);
                    
+
                    CBC (e/d; 128, 192, 256);
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024
                    
+
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818
                    
+
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
                    
+
                    Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548
                    
+
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516
                    
+
                    Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507
                    
+
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290
                    
+
                    Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224
                    
+
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80
                    
+
                    Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33
                    
+
+
+### Deterministic Random Bit Generator (DRBG)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • Modes: AES-256
                        • 
+
                      • Derivation Function States: Derivation Function not used
                        • 
+
                      • Prediction Resistance Modes: Not Enabled
                        • 
+
                      • 
+
                    
+
                    Prerequisite: AES #4904
                    Microsoft Surface Hub Virtual TPM Implementations #1734
                    
+
                    Version 10.0.15063.674
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • Modes: AES-256
                        • 
+
                      • Derivation Function States: Derivation Function not used
                        • 
+
                      • Prediction Resistance Modes: Not Enabled
                        • 
+
                      • 
+
                    
+
                    Prerequisite: AES #4903
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
                    
+
                    Version 10.0.16299
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • Modes: AES-256
                        • 
+
                      • Derivation Function States: Derivation Function used
                        • 
+
                      • Prediction Resistance Modes: Not Enabled
                        • 
+
                      • 
+
                    
+
                    Prerequisite: AES #4902
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732
                    
+
                    Version 10.0.15063.674
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • Modes: AES-256
                        • 
+
                      • Derivation Function States: Derivation Function used
                        • 
+
                      • Prediction Resistance Modes: Not Enabled
                        • 
+
                      • 
+
                    
+
                    Prerequisite: AES #4901
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731
                    
+
                    Version 10.0.15254
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • Modes: AES-256
                        • 
+
                      • Derivation Function States: Derivation Function used
                        • 
+
                      • Prediction Resistance Modes: Not Enabled
                        • 
+
                      • 
+
                    
+
                    Prerequisite: AES #4897
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
                    
+
                    Version 10.0.16299
                    CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)]
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
                    
+
                    Version 10.0.15063
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4624)]
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
                    
+
                    Version 10.0.15063
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)]
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
                    
+
                    Version 7.00.2872
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)]
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
                    
+
                    Version 8.00.6246
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
                    
+
                    Version 7.00.2872
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
                    
+
                    Version 8.00.6246
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)]
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
                    
+
                    Version 10.0.14393
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)]
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
                    
+
                    Version 10.0.14393
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)]
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
                    
+
                    Version 10.0.10586
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)]
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
                    
+
                    Version 10.0.10240
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)]
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
                    
+
                    Version 6.3.9600
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
                    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)]Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
                    DRBG (SP 800–90)Windows Vista Ultimate SP1, vendor-affirmed
                    
+
+
+#### Digital Signature Algorithm (DSA)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • DSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • PQGGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • PQGVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • KeyPair:
                          • 
+
                          • 
+
                          • L = 2048, N = 256
                            • 
+
                          • L = 3072, N = 256
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303
                    
+
                    Version 10.0.15063.674
                      
+
                    • DSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • PQGGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • PQGVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • KeyPair:
                          • 
+
                          • 
+
                          •  
                            • 
+
                          •  
                            • 
+
                          • L = 2048, N = 256
                            • 
+
                          • L = 3072, N = 256
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302
                    
+
                    Version 10.0.15254
                      
+
                    • DSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • PQGGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • PQGVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigGen:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • SigVer:
                          • 
+
                          • 
+
                          • L = 2048, N = 256 SHA: SHA-256
                            • 
+
                          • L = 3072, N = 256 SHA: SHA-256
                            • 
+
                          • 
+
                        • KeyPair:
                          • 
+
                          • 
+
                          • L = 2048, N = 256
                            • 
+
                          • L = 3072, N = 256
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
                    
+
                    Version 10.0.16299
                    FIPS186-4:
                    
+
                    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
+
                    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    KeyPairGen:   [(2048,256); (3072,256)]
                    
+
                    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SHS: validation number 3790
                    
+
                    DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+PQG(ver)PARMS TESTED:                       [(1024,160) SHA(1)]
                    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
                    
+SHS: validation number  3649
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
                    
+
                    Version 7.00.2872
                    FIPS186-4:
                    
+PQG(ver)PARMS TESTED:                       [(1024,160) SHA(1)]
                    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
                    
+SHS: validation number 3648
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
                    
+
                    Version 8.00.6246
                    FIPS186-4:
                    
+PQG(gen)                    PARMS TESTED: [
                    
+(2048,256)SHA(256); (3072,256) SHA(256)]
                    
+PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+KeyPairGen:    [(2048,256); (3072,256)]
                    
+SIG(gen)PARMS TESTED:   [(2048,256)
                    
+SHA(256); (3072,256) SHA(256)]
                    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SHS: validation number  3347
                    
+DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+PQG(gen)                    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SHS: validation number  3047
                    
+DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+PQG(gen)                    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
+PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+KeyPairGen:    [(2048,256); (3072,256)]
                    
+SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SHS: validation number  2886
                    
+DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+PQG(gen)                    PARMS TESTED:   [
                    
+(2048,256)SHA(256); (3072,256) SHA(256)]
                    
+PQG(ver)PARMS TESTED:   [(2048,256)
                    
+SHA(256); (3072,256) SHA(256)]
                    
+KeyPairGen:    [(2048,256); (3072,256)]
                    
+SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+
                    SHS: validation number  2373
                    
+DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
                    
+
                    Version 6.3.9600
                    FIPS186-2:
                    
+PQG(ver) MOD(1024);
                    
+SIG(ver) MOD(1024);
                    
+SHS: #1903
                    
+DRBG: #258
                    
+
                    FIPS186-4:
                    
+PQG(gen)PARMS TESTED                    : [(2048,256)SHA(256); (3072,256) SHA(256)]
                    
+PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
                    
+SHS: #1903
                    
+DRBG: #258
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
                    FIPS186-2:
                    
+PQG(ver)                     MOD(1024);
                    
+SIG(ver) MOD(1024);
                    
+SHS: #1902
                    
+DRBG: #258
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686.                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  1773
                    
+DRBG: validation number  193
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645.                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  1081
                    
+DRBG: validation number  23
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386.
                    Windows Server 2008 R2 and SP1 CNG algorithms #391
                    
+
                    Windows 7 Ultimate and SP1 CNG algorithms #386
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  1081
                    
+RNG: validation number  649
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385.
                    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
                    
+
                    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  753
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283.
                    Windows Server 2008 CNG algorithms #284
                    
+
                    Windows Vista Ultimate SP1 CNG algorithms #283
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  753
                    
+RNG: validation number  435
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281.
                    Windows Server 2008 Enhanced DSS (DSSENH) #282
                    
+
                    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  618
                    
+RNG: validation number  321
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226.
                    Windows Vista CNG algorithms #227
                    
+
                    Windows Vista Enhanced DSS (DSSENH) #226
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  784
                    
+RNG: validation number  448
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292.                    		Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
                    FIPS186-2:
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: validation number  783
                    
+RNG: validation number  447
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291.                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
                    FIPS186-2:
                    
+PQG(gen)                     MOD(1024);
                    
+PQG(ver) MOD(1024);
                    
+KEYGEN(Y) MOD(1024);
                    
+SIG(gen) MOD(1024);
                    
+SIG(ver) MOD(1024);
                    
+SHS: validation number  611
                    
+RNG: validation number  314                    		Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
                    FIPS186-2:
                    
+PQG(gen)                     MOD(1024);
                    
+PQG(ver) MOD(1024);
                    
+KEYGEN(Y) MOD(1024);
                    
+SIG(gen) MOD(1024);
                    
+SIG(ver) MOD(1024);
                    
+SHS: validation number  385                    		Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
                    FIPS186-2:
                    
+PQG(ver)                     MOD(1024);
                    
+KEYGEN(Y) MOD(1024);
                    
+SIG(gen) MOD(1024);
                    
+SIG(ver) MOD(1024);
                    
+SHS: validation number  181
                    
+
                    
+                    		Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
                    FIPS186-2:
                    
+PQG(gen)                     MOD(1024);
                    
+PQG(ver) MOD(1024);
                    
+KEYGEN(Y) MOD(1024);
                    
+SIG(gen) MOD(1024);
                    
+SHS: SHA-1 (BYTE)
                    
+SIG(ver) MOD(1024);
                    
+SHS: SHA-1 (BYTE)
                    Windows 2000 DSSENH.DLL #29
                    
+
                    Windows 2000 DSSBASE.DLL #28
                    
+
                    Windows NT 4 SP6 DSSENH.DLL #26
                    
+
                    Windows NT 4 SP6 DSSBASE.DLL #25
                    FIPS186-2: PRIME;
                    
+FIPS186-2:
                    
+
                    KEYGEN(Y):
                    
+SHS: SHA-1 (BYTE)
                    
+
                    SIG(gen):
                    
+SIG(ver)                     MOD(1024);
                    
+SHS: SHA-1 (BYTE)
                    		Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
                    
+
+
+#### Elliptic Curve Digital Signature Algorithm (ECDSA)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #2373, DRBG #489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
                    
+
                    Version 6.3.9600
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384
                            • 
+
                          • Generation Methods: Testing Candidates
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #1253
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384
                            • 
+
                          • Generation Methods: Testing Candidates
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
                    
+
                    Version 10.0.16299
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1251
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249
                    
+
                    Version 10.0.15254
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248
                    
+
                    Version 10.0.15254
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
                    
+
                    Version 10.0.16299
                      
+
                    • ECDSA:
                      • 
+
                      • 
+
                      • 186-4:
                        • 
+
                        • 
+
                        • Key Pair Generation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • Generation Methods: Extra Random Bits
                            • 
+
                          • 
+
                        • Public Key Validation:
                          • 
+
                          • 
+
                          • Curves: P-256, P-384, P-521
                            • 
+
                          • 
+
                        • Signature Generation:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • Signature Verification:
                          • 
+
                          • 
+
                          • P-256 SHA: SHA-256
                            • 
+
                          • P-384 SHA: SHA-384
                            • 
+
                          • P-521 SHA: SHA-512
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
                    
+
                    Version 10.0.16299
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 TestingCandidates)
                    
+SHS: validation number 3790
                    
+DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+PKV: CURVES(P-256 P-384 P-521)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+SHS: validation number 3790
                    
+DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+PKV: CURVES(P-256 P-384 P-521)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+SHS: validation number 3790
                    
+DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+PKV: CURVES(P-256 P-384 P-521)
                    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
                    
+SHS:validation number  3649
                    
+DRBG:validation number  1430
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
                    
+
                    Version 7.00.2872
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+PKV: CURVES(P-256 P-384 P-521)
                    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
                    
+SHS:validation number 3648
                    
+DRBG:validation number  1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
                    
+
                    Version 8.00.6246
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 TestingCandidates)
                    
+PKV: CURVES(P-256 P-384)
                    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))
                    
+
                    SHS: validation number  3347
                    
+DRBG: validation number  1222
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+PKV: CURVES(P-256 P-384 P-521)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+
                    SHS: validation number  3347
                    
+DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+
                    SHS: validation number  3047
                    
+DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+
                    SHS: validation number  2886
                    
+DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+
                    SHS: validation number 2373
                    
+DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
                    
+
                    Version 6.3.9600
                    FIPS186-2:
                    
+PKG: CURVES                    (P-256 P-384 P-521)
                    
+SHS: #1903
                    
+DRBG: #258
                    
+SIG(ver): CURVES(P-256 P-384 P-521)
                    
+SHS: #1903
                    
+DRBG: #258
                    
+
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+SHS: #1903
                    
+DRBG: #258
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 341.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341
                    FIPS186-2:
                    
+PKG: CURVES                    (P-256 P-384 P-521)
                    
+SHS: validation number 1773
                    
+DRBG: validation number  193
                    
+SIG(ver): CURVES(P-256 P-384 P-521)
                    
+SHS: validation number 1773
                    
+DRBG: validation number  193
                    
+
                    FIPS186-4:
                    
+PKG: CURVES                    (P-256 P-384 P-521 ExtraRandomBits)
                    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
                    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
                    
+SHS: validation number 1773
                    
+DRBG: validation number  193
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
                    FIPS186-2:
                    
+PKG: CURVES                    (P-256 P-384 P-521)
                    
+SHS: validation number 1081
                    
+DRBG: validation number  23
                    
+SIG(ver): CURVES(P-256 P-384 P-521)
                    
+SHS: validation number 1081
                    
+DRBG: validation number  23
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141.
                    Windows Server 2008 R2 and SP1 CNG algorithms #142
                    
+
                    Windows 7 Ultimate and SP1 CNG algorithms #141
                    FIPS186-2:
                    
+PKG: CURVES                    (P-256 P-384 P-521)
                    
+SHS: validation number 753
                    
+SIG(ver): CURVES(P-256 P-384 P-521)
                    
+SHS: validation number 753
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82.
                    Windows Server 2008 CNG algorithms #83
                    
+
                    Windows Vista Ultimate SP1 CNG algorithms #82
                    FIPS186-2:
                    
+PKG: CURVES                    (P-256 P-384 P-521)
                    
+SHS: validation number 618
                    
+RNG: validation number  321
                    
+SIG(ver): CURVES(P-256 P-384 P-521)
                    
+SHS: validation number 618
                    
+RNG: validation number  321
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60.                    		Windows Vista CNG algorithms #60
                    
+
+
+#### Keyed-Hash Message Authentication Code (HMAC)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • HMAC-SHA-1:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-256:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-384:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011
                    Microsoft Surface Hub Virtual TPM Implementations #3271
                    
+
                    Version 10.0.15063.674
                      
+
                    • HMAC-SHA-1:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-256:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-384:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
                    
+
                    Version 10.0.16299
                      
+
                    • HMAC-SHA-1:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-256:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-384:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-512:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269
                    
+
                    Version 10.0.15063.674
                      
+
                    • HMAC-SHA-1:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-256:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-384:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-512:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268
                    
+
                    Version 10.0.15254
                      
+
                    • HMAC-SHA-1:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-256:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-384:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    • HMAC-SHA2-512:
                      • 
+
                      • 
+
                      • Key Sizes &lt; Block Size
                        • 
+
                      • Key Sizes &gt; Block Size
                        • 
+
                      • Key Sizes = Block Size
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
                    
+
                    Version 10.0.16299
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
                    
+
                    Version 10.0.15063
                    HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
                    
+
                    Version 10.0.15063
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
                    
+
                    Version 7.00.2872
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
                    
+
                    Version 8.00.6246
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number  3649
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number  3649
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number  3649
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number  3649
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
                    
+
                    Version 7.00.2872
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
                    
+
                    Version 8.00.6246
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
+SHS validation number  3347
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number  3347
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
                    
+
                    Version 10.0.14393
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number  3347
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
                    
+
                    Version 10.0.14393
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
+SHS validation number  3047
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number  3047
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number  3047
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
                    
+
                    Version 10.0.10586
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
+SHSvalidation number  2886
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
+SHSvalidation number  2886
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
+ SHSvalidation number  2886
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
+SHSvalidation number  2886
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
                    
+
                    Version 10.0.10240
                    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
                    
+SHS validation number 2373
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number 2373
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number 2373
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
                    
+SHS validation number 2373
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
                    
+
                    Version 6.3.9600
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764
                    Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
                    
+
                    Version 5.2.29344
                    HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KS#1902
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
                    
+
                    SHS#1903
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS)
                    
+
                    SHS#1903
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS)
                    
+
                    SHS#1903
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS)
                    
+
                    SHS#1903
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    
+
                    Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773
                    		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774
                    		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081
                    Windows Server 2008 R2 and SP1 CNG algorithms #686
                    
+
                    Windows 7 and SP1 CNG algorithms #677
                    
+
                    Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
                    
+
                    Windows 7 Enhanced Cryptographic Provider (RSAENH) #673
                    HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816
                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753
                    		Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753
                    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
                    
+
                    Windows Vista Enhanced Cryptographic Provider (RSAENH) #407
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    		Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 785
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
                    
+
                    Windows XP, vendor-affirmed
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783
                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613
                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 610Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753
                    Windows Server 2008 CNG algorithms #413
                    
+
                    Windows Vista Ultimate SP1 CNG algorithms #412
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737
                    		Windows Vista Ultimate BitLocker Drive Encryption #386
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618
                    		Windows Vista CNG algorithms #298
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589
                    		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578
                    		Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495
                    		Windows Vista BitLocker Drive Encryption #199
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 364
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
                    
+
                    Windows XP, vendor-affirmed
                    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305
                    
+
                    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    
+
                    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    
+
                    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305
                    		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
                    
+
+
+#### Key Agreement Scheme (KAS)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • KAS ECC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • Full Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • KDFs: Concatenation
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #150
                    
+
                    Version 10.0.15063.674
                      
+
                    • KAS ECC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • Full Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • KDFs: Concatenation
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
                    
+
                    Version 10.0.16299
                      
+
                    • KAS ECC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • Ephemeral Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • KDFs: Concatenation
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • One-Pass DH:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • Static Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732
                    
+
                      
+
                    • KAS FFC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • dhEphem:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhOneFlow:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhStatic:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DSA #1303, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #148
                    
+
                    Version 10.0.15063.674
                      
+
                    • KAS ECC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • Ephemeral Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • KDFs: Concatenation
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • One-Pass DH:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • Static Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731
                    
+
                      
+
                    • KAS FFC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • dhEphem:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhOneFlow:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhStatic:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DSA #1302, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147
                    
+
                    Version 10.0.15254
                      
+
                    • KAS ECC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • Ephemeral Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • KDFs: Concatenation
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • One-Pass DH:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • Static Unified:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • EC:
                              • 
+
                              • 
+
                              • Curve: P-256
                                • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • ED:
                              • 
+
                              • 
+
                              • Curve: P-384
                                • 
+
                              • SHA: SHA-384
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • EE:
                              • 
+
                              • 
+
                              • Curve: P-521
                                • 
+
                              • SHA: SHA-512
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730
                    
+
                      
+
                    • KAS FFC:
                      • 
+
                      • 
+
                      • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                        • 
+
                      • Schemes:
                        • 
+
                        • 
+
                        • dhEphem:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhOneFlow:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • dhStatic:
                          • 
+
                          • 
+
                          • Key Agreement Roles: Initiator, Responder
                            • 
+
                          • Parameter Sets:
                            • 
+
                            • 
+
                            • FB:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • FC:
                              • 
+
                              • 
+
                              • SHA: SHA-256
                                • 
+
                              • MAC: HMAC
                                • 
+
                              • 
+
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DSA #1301, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
                    
+
                    Version 10.0.16299
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]
                    
+
                    SHS validation number 3790
                    
+DSA validation number 1135
                    
+DRBG validation number 1556
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128
                    
+
                    Version 10.0.15063
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
                    
+SHS validation number 3790
                    
+DSA validation number 1223
                    
+DRBG validation number 1555
                    
+
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    
+SHS validation number 3790
                    
+ECDSA validation number 1133
                    
+DRBG validation number 1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127
                    
+
                    Version 10.0.15063
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
                    
+SHS validation number  3649
                    
+DSA validation number 1188
                    
+DRBG validation number 1430
                    
+
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115
                    
+
                    Version 7.00.2872
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhHybridOneFlow (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
                    
+[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
                    
+SHS validation number 3648
                    
+DSA validation number 1187
                    
+DRBG validation number 1429
                    
+
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    
+SHS validation number 3648
                    
+ECDSA validation number 1072
                    
+DRBG validation number 1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114
                    
+
                    Version 8.00.6246
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)
                    
+SCHEMES  [FullUnified  (No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]
                    
+
                    SHS validation number  3347 ECDSA validation number 920 DRBG validation number 1222
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
                    
+
                    Version 10.0.14393
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)
                    
+SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
+
                    SHS validation number  3347 DSA validation number 1098 DRBG validation number 1217
                    
+
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    SHS validation number  3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
                    
+
                    Version 10.0.14393
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
+
                    SHS validation number  3047 DSA validation number 1024 DRBG validation number 955
                    
+
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    SHS validation number  3047 ECDSA validation number 760 DRBG validation number 955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
                    
+
                    Version 10.0.10586
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
+
                    SHS validation number  2886 DSA validation number 983 DRBG validation number 868
                    
+
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    SHS validation number  2886 ECDSA validation number 706 DRBG validation number 868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
                    
+
                    Version 10.0.10240
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
                    
+(FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
                    
+
                    SHS validation number 2373 DSA validation number 855 DRBG validation number 489
                    
+
                    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
                    
+
                    SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
                    
+
                    Version 6.3.9600
                    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
                    
+(FA: SHA256) (FB: SHA256) (FC: SHA256)]
                    
+[dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]
                    
+[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
                    
+SHS #1903 DSA validation number 687 DRBG #258
                    
+
                    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
                    
+[OnePassDH(No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
                    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
                    
+
                    
+SHS #1903 ECDSA validation number 341 DRBG #258
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
                    KAS (SP 800–56A)
                    
+
                    key agreement
                    
+
                    key establishment methodology provides 80 bits to 256 bits of encryption strength
                    Windows 7 and SP1, vendor-affirmed
                    
+
                    Windows Server 2008 R2 and SP1, vendor-affirmed
                    
+
+
+SP 800-108 Key-Based Key Derivation Functions (KBKDF)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
                        • 
+
                      • 
+
                    
+
                    MAC prerequisite: HMAC #3271
                    
+
                    
+
                      
+
                    • Counter Location: Before Fixed Data
                      • 
+
                    • R Length: 32 (bits)
                      • 
+
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
+
                    
+
                    
+
                    K prerequisite: DRBG #1734, KAS #150
                    Microsoft Surface Hub Virtual TPM Implementations #161
                    
+
                    Version 10.0.15063.674
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
                        • 
+
                      • 
+
                    
+
                    MAC prerequisite: HMAC #3270
                    
+
                    
+
                      
+
                    • Counter Location: Before Fixed Data
                      • 
+
                    • R Length: 32 (bits)
                      • 
+
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
+
                    
+
                    
+
                    K prerequisite: DRBG #1733, KAS #149
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
                    
+
                    Version 10.0.16299
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
+
                      • 
+
                    
+
                    MAC prerequisite: AES #4902, HMAC #3269
                    
+
                    
+
                      
+
                    • Counter Location: Before Fixed Data
                      • 
+
                    • R Length: 32 (bits)
                      • 
+
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
+
                    • K prerequisite: KAS #148
                      • 
+
                    
+
                    Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159
                    
+
                    Version 10.0.15063.674
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
+
                      • 
+
                    
+
                    MAC prerequisite: AES #4901, HMAC #3268
                    
+
                    
+
                      
+
                    • Counter Location: Before Fixed Data
                      • 
+
                    • R Length: 32 (bits)
                      • 
+
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
+
                    
+
                    
+
                    K prerequisite: KAS #147
                    Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158
                    
+
                    Version 10.0.15254
                      
+
                    • Counter:
                      • 
+
                      • 
+
                      • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
                        • 
+
                      • 
+
                    
+
                    MAC prerequisite: AES #4897, HMAC #3267
                    
+
                    
+
                      
+
                    • Counter Location: Before Fixed Data
                      • 
+
                    • R Length: 32 (bits)
                      • 
+
                    • SPs used to generate K: SP 800-56A, SP 800-90A
                      • 
+
                    
+
                    
+
                    K prerequisite: KAS #146
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
                    
+
                    Version 10.0.16299
                    CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    
+KAS validation number 128
                    
+DRBG validation number 1556
                    
+MAC validation number 3062
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141
                    
+
                    Version 10.0.15063
                    CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    
+KAS validation number 127
                    
+AES validation number 4624
                    
+DRBG validation number 1555
                    
+MAC validation number 3061
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140
                    
+
                    Version 10.0.15063
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    KAS validation number 93 DRBG validation number 1222 MAC validation number 2661
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
                    
+
                    Version 10.0.14393
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
                    
+
                    Version 10.0.14393
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
                    
+
                    Version 10.0.10586
                    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
                    
+
                    Version 10.0.10240
                    CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    DRBG validation number 489 MAC validation number 1773
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
                    
+
                    Version 6.3.9600
                    CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
                    
+
                    DRBG #258 HMAC validation number 1345
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
                    
+
+
+Random Number Generator (RNG)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                    FIPS 186-2 General Purpose
                    
+
                    [(x-Original); (SHA-1)]
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
                    FIPS 186-2
                    
+[(x-Original); (SHA-1)]
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
                    
+
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
                    
+
                    Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
                    
+
                    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66
                    FIPS 186-2
                    
+[(x-Change Notice); (SHA-1)]
                    
+
                    FIPS 186-2 General Purpose
                    
+[(x-Change Notice); (SHA-1)]
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
                    
+
                    Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
                    
+
                    Windows Vista RNG implementation #321
                    FIPS 186-2 General Purpose
                    
+[(x-Change Notice); (SHA-1)]
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470
                    
+
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449
                    
+
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447
                    
+
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316
                    
+
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313
                    FIPS 186-2
                    
+[(x-Change Notice); (SHA-1)]
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448
                    
+
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314
                    
+
+
+#### RSA
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1734
                    Microsoft Surface Hub Virtual TPM Implementations #2677
                    
+
                    Version 10.0.15063.674
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 240 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1733
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
                    
+
                    Version 10.0.16299
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub RSA32 Algorithm Implementations #2675
                    
+
                    Version 10.0.15063.674
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
                    
+
                    Version 10.0.16299
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673
                    
+
                    Version 10.0.15254
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Public Key Exponent: Fixed (10001)
                          • 
+
                        • Provable Primes with Conditions:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.3
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #2672
                    
+
                    Version 10.0.15063.674
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Probable Random Primes:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.2
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671
                    
+
                    Version 10.0.15063.674
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Probable Random Primes:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.2
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670
                    
+
                    Version 10.0.15254
                    RSA:
                    
+
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Public Key Exponent: Fixed (10001)
                          • 
+
                        • Provable Primes with Conditions:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.3
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669
                    
+
                    Version 10.0.15254
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Public Key Exponent: Fixed (10001)
                          • 
+
                        • Provable Primes with Conditions:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.3
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
                    
+
                    Version 10.0.16299
                      
+
                    • 186-4:
                      • 
+
                      • 
+
                      • Key Generation:
                        • 
+
                        • 
+
                        • Probable Random Primes:
                          • 
+
                          • 
+
                          • Mod lengths: 2048, 3072 (bits)
                            • 
+
                          • Primality Tests: C.2
                            • 
+
                          • 
+
                        • 
+
                      • Signature Generation PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Generation PSS:
                        • 
+
                        • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • Signature Verification PKCS1.5:
                        • 
+
                        • 
+
                        • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
                          • 
+
                        • 
+
                      • Signature Verification PSS:
                        • 
+
                        • 
+
                        • Mod 1024:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 496 (bits)
                            • 
+
                          • 
+
                        • Mod 2048:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • Mod 3072:
                          • 
+
                          • 
+
                          • SHA-1: Salt Length: 160 (bits)
                            • 
+
                          • SHA-256: Salt Length: 256 (bits)
                            • 
+
                          • SHA-384: Salt Length: 384 (bits)
                            • 
+
                          • SHA-512: Salt Length: 512 (bits)
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
                    
+
                    Version 10.0.16299
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
                    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
                    
+SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+SHA validation number 3790
                    
+DRBG: validation number  1555
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
                    
+
                    Version 10.0.15063
                    FIPS186-4:
                    
+186-4KEY(gen):
                    
+PGM(ProbRandom:                     (2048, 3072) PPTT:(C.2)
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+SHA validation number 3790
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
                    
+
                    Version 10.0.15063
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
                    
+
                    FIPS186-4:
                    
+ALG[ANSIX9.31]                     Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
                    
+SIG(gen) with SHA-1 affirmed for use with protocols only.                     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+SHA validation number 3652
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
                    
+
                    Version 7.00.2872
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
                    
+
                    FIPS186-4:
                    
+ALG[ANSIX9.31]                     Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
                    
+SIG(gen) with SHA-1 affirmed for use with protocols only.                     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+SHA validation number 3651
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
                    
+
                    Version 8.00.6246
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 4096, SHS: SHA-256validation number  3649, SHA-384validation number  3649, SHA-512validation number  3649
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number  3649, SHA-256validation number  3649, SHA-384validation number  3649, SHA-512validation number  3649
                    
+
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+SHA validation number  3649
                    
+DRBG: validation number  1430
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
                    
+
                    Version 7.00.2872
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 4096, SHS: SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
                    
+
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
                    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+SHA validation number 3648
                    
+DRBG: validation number  1429
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
                    
+
                    Version 8.00.6246
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
                    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
                    
+Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
                    
+
                    SHA validation number  3347
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 3346
                    soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+[RSASSA-PSS]: Sig(Gen):                     (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+
                    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+
                    SHA validation number  3347 DRBG: validation number  1217
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
                    
+
                    Version 10.0.14393
                    FIPS186-4:
                    
+186-4KEY(gen)                    :  FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+
                    SHA validation number  3047 DRBG: validation number  955
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 3048
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+[RSASSA-PSS]: Sig(Gen)                    : (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+
                    SHA validation number  3047
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
                    
+
                    Version 10.0.10586
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e (10001);
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+
                    SHA validation number  2886 DRBG: validation number  868
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 2871
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 2871
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+[RSASSA-PSS]:                     Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+
                    SHA validation number  2886
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
                    
+
                    Version 10.0.10240
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e;
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+
                    SHA validation number 2373 DRBG: validation number  489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
                    
+
                    Version 6.3.9600
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 2373
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
                    
+
                    Version 6.3.9600
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5                    ] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
                    
+
                    SHA validation number 2373
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
                    
+
                    Version 6.3.9600
                    FIPS186-4:
                    
+[RSASSA-PSS]:                     Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+ Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
                    
+
                    SHA validation number 2373
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
                    
+
                    Version 6.3.9600
                    FIPS186-4:
                    
+ALG[RSASSA-PKCS1_V1_5]                     SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256))
                    
+SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
                    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
                    
+Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
                    
+SHA #1903
                    
+
                    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134.
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
                    FIPS186-4:
                    
+186-4KEY(gen):                     FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
                    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
                    
+SHA #1903 DRBG: #258                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774, SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.                    		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number  193
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773, SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.                    		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.                    		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.
                    Windows Server 2008 R2 and SP1 CNG algorithms #567
                    
+
                    Windows 7 and SP1 CNG algorithms #560
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number  23
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.                    		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.                    		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816, SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 783, SHA-384validation number 783, SHA-512validation number 783,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.
                    Windows Server 2008 CNG algorithms #358
                    
+
                    Windows Vista SP1 CNG algorithms #357
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.
                    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
                    
+
                    Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353.                    		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:                     Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number  321
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.                    		Windows Vista RSA key generation implementation #258
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.                    		Windows Vista CNG algorithms #257
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:                     SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.                    		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613, SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.                    		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589, SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.                    		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578, SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.                    		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
                    FIPS186-2:
                    
+ALG[RSASSA-PKCS1_V1_5]:
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.                    		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
                    FIPS186-2:
                    
+ALG[ANSIX9.31]:
                    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305
                    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
                    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305, SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
                    
+Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.                    		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52
                    FIPS186-2:
                    
+
                    – PKCS#1 v1.5, signature generation, and verification
                    
+
                    – Mod sizes: 1024, 1536, 2048, 3072, 4096
                    
+
                    – SHS: SHA–1/256/384/512
                    Windows XP, vendor-affirmed
                    
+
                    Windows 2000, vendor-affirmed
                    
+
+
+#### Secure Hash Standard (SHS)
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • SHA-1:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-256:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-384:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-512:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011
                    
+
                    Version 10.0.15063.674
                      
+
                    • SHA-1:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-256:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-384:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-512:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010
                    
+
                    Version 10.0.15254
                      
+
                    • SHA-1:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-256:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-384:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    • SHA-512:
                      • 
+
                      • 
+
                      • Supports Empty Message
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
                    
+
                    Version 10.0.16299
                    SHA-1      (BYTE-only)
                    
+SHA-256  (BYTE-only)
                    
+SHA-384  (BYTE-only)
                    
+SHA-512  (BYTE-only)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790
                    
+
                    Version 10.0.15063
                    SHA-1      (BYTE-only)
                    
+SHA-256  (BYTE-only)
                    
+SHA-384  (BYTE-only)
                    
+SHA-512  (BYTE-only)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652
                    
+
                    Version 7.00.2872
                    SHA-1      (BYTE-only)
                    
+SHA-256  (BYTE-only)
                    
+SHA-384  (BYTE-only)
                    
+SHA-512  (BYTE-only)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651
                    
+
                    Version 8.00.6246
                    SHA-1      (BYTE-only)
                    
+SHA-256  (BYTE-only)
                    
+SHA-384  (BYTE-only)
                    
+SHA-512  (BYTE-only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649
                    
+
                    Version 7.00.2872
                    SHA-1      (BYTE-only)
                    
+SHA-256  (BYTE-only)
                    
+SHA-384  (BYTE-only)
                    
+SHA-512  (BYTE-only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648
                    
+
                    Version 8.00.6246
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
                    
+Version 10.0.14393
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
                    
+Version 10.0.14393
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
                    
+Version 10.0.10586
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
                    
+Version 10.0.10586
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
                    
+Version 10.0.10240
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
                    
+Version 10.0.10240
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
                    
+Version 6.3.9600
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
                    
+Version 6.3.9600
                    SHA-1 (BYTE-only)
                    
+
                    SHA-256 (BYTE-only)
                    
+
                    SHA-384 (BYTE-only)
                    
+
                    SHA-512 (BYTE-only)
                    
+
                    Implementation does not support zero-length (null) messages.
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903
                    
+
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774
                    
+
                    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081
                    
+
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816
                    SHA-1 (BYTE-only)
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785
                    
+
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)                    		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)
                    Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753
                    
+
                    Windows Vista Symmetric Algorithm Implementation #618
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    Windows Vista BitLocker Drive Encryption #737
                    
+
                    Windows Vista Beta 2 BitLocker Drive Encryption #495
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613
                    
+
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364
                    SHA-1 (BYTE-only)
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611
                    
+
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610
                    
+
                    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385
                    
+
                    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371
                    
+
                    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181
                    
+
                    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177
                    
+
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176
                    SHA-1 (BYTE-only)
                    
+SHA-256 (BYTE-only)
                    
+SHA-384 (BYTE-only)
                    
+SHA-512 (BYTE-only)
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589
                    
+
                    Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578
                    
+
                    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305
                    SHA-1 (BYTE-only)
                    Windows XP Microsoft Enhanced Cryptographic Provider #83
                    
+
                    Crypto Driver for Windows 2000 (fips.sys) #35
                    
+
                    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32
                    
+
                    Windows 2000 RSAENH.DLL #24
                    
+
                    Windows 2000 RSABASE.DLL #23
                    
+
                    Windows NT 4 SP6 RSAENH.DLL #21
                    
+
                    Windows NT 4 SP6 RSABASE.DLL #20
                    
+
+
+#### Triple DES
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Modes / States / Key SizesAlgorithm Implementation and Certificate #
                      
+
                    • TDES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB64:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558
                    
+
                    Version 10.0.15063.674
                      
+
                    • TDES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB64:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557
                    
+
                    Version 10.0.15254
                      
+
                    • TDES-CBC:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB64:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-CFB8:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    • TDES-ECB:
                      • 
+
                      • 
+
                      • Modes: Decrypt, Encrypt
                        • 
+
                      • Keying Option: 1
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
                    
+
                    Version 10.0.16299
                    TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
                    
+
                    Version 10.0.15063
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
                    
+
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
                    
+
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d);
                    
+
                    CTR (int only)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
                    
+
                    Version 7.00.2872
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d)
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
                    
+
                    Version 8.00.6246
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d);
                    
+
                    TCFB8(KO 1 e/d);
                    
+
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
                    
+
                    
+
                    
+
                    Version 10.0.14393
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d);
                    
+
                    TCFB8(KO 1 e/d);
                    
+
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
                    
+
                    
+
                    
+
                    Version 10.0.10586
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d);
                    
+
                    TCFB8(KO 1 e/d);
                    
+
                    TCFB64(KO 1 e/d)
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
                    
+
                    
+
                    
+
                    Version 10.0.10240
                    TECB(KO 1 e/d);
                    
+
                    TCBC(KO 1 e/d);
                    
+
                    TCFB8(KO 1 e/d);
                    
+
                    TCFB64(KO 1 e/d)
                    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
                    
+
                    Version 6.3.9600
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2);
                    
+
                    TCFB8(e/d; KO 1, 2);
                    
+
                    TCFB64(e/d; KO 1, 2)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2);
                    
+
                    TCFB8(e/d; KO 1, 2)
                    		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2);
                    
+
                    TCFB8(e/d; KO 1, 2)
                    		Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2);
                    
+
                    TCFB8(e/d; KO 1, 2)
                    		Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2);
                    
+
                    TCFB8(e/d; KO 1, 2)
                    		Windows Vista Symmetric Algorithm Implementation #549
                    Triple DES MAC
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed
                    
+
                    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed
                    TECB(e/d; KO 1, 2);
                    
+
                    TCBC(e/d; KO 1, 2)
                    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
                    
+
                    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
                    
+
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
                    
+
                    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677
                    
+
                    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676
                    
+
                    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675
                    
+
                    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544
                    
+
                    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543
                    
+
                    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542
                    
+
                    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526
                    
+
                    Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517
                    
+
                    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381
                    
+
                    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370
                    
+
                    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365
                    
+
                    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315
                    
+
                    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201
                    
+
                    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199
                    
+
                    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192
                    
+
                    Windows XP Microsoft Enhanced Cryptographic Provider #81
                    
+
                    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18
                    
+
                    Crypto Driver for Windows 2000 (fips.sys) #16
                    
+
+
+#### SP 800-132 Password-Based Key Derivation Function (PBKDF)
+
+
+  
+    
+    
+  
+  
+    
+    
+  
+  
+    
+    
+  
+
                    
+      Modes / States / Key Sizes
+    
+      Algorithm Implementation and Certificate #
+    
                    
+      PBKDF (vendor affirmed)
+      
                     Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
                    (Software Version: 10.0.14393)
                    
+      
                    Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
                    (Software Version: 10.0.14393)
                    
+      
                    Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
                    (Software Version: 10.0.14393)
                    
+      
                    Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
                    (Software Version: 10.0.14393)
                    
+    
                    
+      PBKDF (vendor affirmed)
+      
                    Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
                    (Software Version: 10.0.14393)
                    
+      
                    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed
                    
+    
                    
+
+
+#### Component Validation List
+
+
++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                    



                    Publication / Component Validated / DescriptionImplementation and Certificate #
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #489
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540
                    
+
                    Version 6.3.9600
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Microsoft Surface Hub Virtual TPM Implementations #1519
                    
+
                    Version 10.0.15063.674
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
                    
+
                    Version 10.0.16299
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1517
                    
+
                    Version 10.0.15063.674
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1516
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                     Prerequisite: DRBG #1732
                    Microsoft Surface Hub MsBignum Cryptographic Implementations #1515
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #1732
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514
                    
+
                    Version 10.0.15063.674
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513
                    
+
                    Version 10.0.15063.674
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512
                    
+
                    Version 10.0.15063.674
                      
+
                    • IKEv1:
                      • 
+
                      • 
+
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
+
                      • Pre-shared Key Length: 64-2048
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, HMAC #3269
                    
+
                      
+
                    • IKEv2:
                      • 
+
                      • 
+
                      • Derived Keying Material length: 192-1792
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, HMAC #3269
                    
+
                      
+
                    • TLS:
                      • 
+
                      • 
+
                      • Supports TLS 1.0/1.1
                        • 
+
                      • Supports TLS 1.2:
                        • 
+
                        • 
+
                        • SHA Functions: SHA-256, SHA-384
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4011, HMAC #3269
                    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511
                    
+
                    Version 10.0.15063.674
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #1731
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510
                    
+
                    Version 10.0.15254
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509
                    
+
                    Version 10.0.15254
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508
                    
+
                    Version 10.0.15254
                      
+
                    • IKEv1:
                      • 
+
                      • 
+
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
+
                      • Pre-shared Key Length: 64-2048
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, HMAC #3268
                    
+
                      
+
                    • IKEv2:
                      • 
+
                      • 
+
                      • Derived Keying Material length: 192-1792
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, HMAC #3268
                    
+
                      
+
                    • TLS:
                      • 
+
                      • 
+
                      • Supports TLS 1.0/1.1
                        • 
+
                      • Supports TLS 1.2:
                        • 
+
                        • 
+
                        • SHA Functions: SHA-256, SHA-384
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4010, HMAC #3268
                    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507
                    
+
                    Version 10.0.15254
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #1731
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506
                    
+
                    Version 10.0.15254
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505
                    
+
                    Version 10.0.15254
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504
                    
+
                    Version 10.0.15254
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
                    
+
                    Version 10.0.16299
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
                    
+
                    Version 10.0.16299
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
                    
+
                    Version 10.0.16299
                      
+
                    • ECDSA SigGen:
                      • 
+
                      • 
+
                      • P-256 SHA: SHA-256
                        • 
+
                      • P-384 SHA: SHA-384
                        • 
+
                      • P-521 SHA: SHA-512
                        • 
+
                      • 
+
                    
+
                    Prerequisite: DRBG #1730
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
                    
+
                    Version 10.0.16299
                      
+
                    • RSADP:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
                    
+
                    Version 10.0.16299
                    
+
                     
                      
+
                    • RSASP1:
                      • 
+
                      • 
+
                      • Modulus Size: 2048 (bits)
                        • 
+
                      • Padding Algorithms: PKCS 1.5
                        • 
+
                      • 
+
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497
                    
+
                    Version 10.0.16299
                      
+
                    • IKEv1:
                      • 
+
                      • 
+
                      • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
                        • 
+
                      • Pre-shared Key Length: 64-2048
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, HMAC #3267
                    
+
                      
+
                    • IKEv2:
                      • 
+
                      • 
+
                      • Derived Keying Material length: 192-1792
                        • 
+
                      • Diffie-Hellman shared secrets:
                        • 
+
                        • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 2048 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 256 (bits)
                            • 
+
                          • SHA Functions: SHA-256
                            • 
+
                          • 
+
                        • Diffie-Hellman shared secret:
                          • 
+
                          • 
+
                          • Length: 384 (bits)
                            • 
+
                          • SHA Functions: SHA-384
                            • 
+
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, HMAC #3267
                    
+
                      
+
                    • TLS:
                      • 
+
                      • 
+
                      • Supports TLS 1.0/1.1
                        • 
+
                      • Supports TLS 1.2:
                        • 
+
                        • 
+
                        • SHA Functions: SHA-256, SHA-384
                          • 
+
                        • 
+
                      • 
+
                    
+
                    Prerequisite: SHS #4009, HMAC #3267
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
                    
+
                    Version 10.0.16299
                    FIPS186-4 ECDSA
                    
+
                    Signature Generation of hash sized messages
                    
+
                    ECDSA SigGen Component: CURVES(P-256 P-384 P-521)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
                    
+Version 10.0. 15063
                    
+
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
                    
+Version 10.0. 15063
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
                    
+Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
                    
+Version 10.0.10586
                    
+
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
                    
+Version 6.3.9600
                    FIPS186-4 RSA; PKCS#1 v2.1
                    
+
                    RSASP1 Signature Primitive
                    
+
                    RSASP1: (Mod2048: PKCS1.5 PKCSPSS)
                    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
                    
+Version 10.0.15063
                    
+
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
                    
+Version 10.0.15063
                    
+
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
                    
+Version 10.0.15063
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
                    
+Version 10.0.10586
                    
+
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
                    
+Version  10.0.10240
                    
+
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
                    
+Version 6.3.9600
                    FIPS186-4 RSA; RSADP
                    
+
                    RSADP Primitive
                    
+
                    RSADP: (Mod2048)
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
                    
+Version 10.0.15063
                    
+
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
                    
+Version 10.0.15063
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
                    
+Version 10.0.10586
                    
+
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
                    
+Version  10.0.10240
                    SP800-135
                    
+
                    Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS
                    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
                    
+
                    Version 10.0.16299
                    
+
                    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
                    
+Version 10.0.15063
                    
+
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
                    
+Version 7.00.2872
                    
+
                    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
                    
+Version 8.00.6246
                    
+
                    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
                    
+Version 10.0.14393
                    
+
                    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
                    
+Version 10.0.10586
                    
+
                    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
                    
+Version  10.0.10240
                    
+
                    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
                    
+Version 6.3.9600
                    
+
+## Contact
+
+fips@microsoft.com
+
+## References
+
+* [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf))
+* [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)
+* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)
 * [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)
\ No newline at end of file
diff --git a/windows/security/threat-protection/intelligence/developer-faq.yml b/windows/security/threat-protection/intelligence/developer-faq.yml
index 3a515be9fb..27ece7ec39 100644
--- a/windows/security/threat-protection/intelligence/developer-faq.yml
+++ b/windows/security/threat-protection/intelligence/developer-faq.yml
@@ -55,6 +55,6 @@ sections:
           Firewall blocks aren't related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Windows Defender Firewall](../windows-firewall/windows-firewall-with-advanced-security.md).
           
       - question: |
-          Why does the Microsoft Defender Windows Defender SmartScreen say my program isn't commonly downloaded?
+          Why does the Microsoft Defender SmartScreen say my program isn't commonly downloaded?
         answer: |
-          This isn't related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Microsoft Defender Windows Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
+          This isn't related to Microsoft Defender Antivirus and other Microsoft antimalware. [Learn about Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md
index 0fb53bc90f..250102afa9 100644
--- a/windows/security/threat-protection/intelligence/rootkits-malware.md
+++ b/windows/security/threat-protection/intelligence/rootkits-malware.md
@@ -56,7 +56,7 @@ For more general tips, see [prevent malware infection](prevent-malware-infection
 
 Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you have a rootkit that your antimalware software isn’t detecting, you may need an extra tool that lets you boot to a known trusted environment.
 
-[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. It’s designed to be used on devices that aren't working correctly because of a possible malware infection.
+[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from the Windows Security app and has the latest antimalware updates from Microsoft. It’s designed to be used on devices that aren't working correctly because of a possible malware infection.
 
 [System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.
 
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
index a12edb4f83..406ee97c59 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -9,7 +9,7 @@ ms.author: dansimp
 author: dansimp
 ms.reviewer: 
 manager: dansimp
-ms.technology: other
+ms.technology: windows-sec
 ---
  
 # What is Microsoft Baseline Security Analyzer and its uses?
diff --git a/windows/security/threat-protection/microsoft-bug-bounty-program.md b/windows/security/threat-protection/microsoft-bug-bounty-program.md
index 7dcc6cdd7f..70acd69970 100644
--- a/windows/security/threat-protection/microsoft-bug-bounty-program.md
+++ b/windows/security/threat-protection/microsoft-bug-bounty-program.md
@@ -10,7 +10,7 @@ ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.reviewer: 
-ms.technology: other
+ms.technology: windows-sec
 ---
 
 # About the Microsoft Bug Bounty Program
diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md
index c16994d574..df8eacefc1 100644
--- a/windows/security/threat-protection/msft-security-dev-lifecycle.md
+++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md
@@ -10,7 +10,7 @@ ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.reviewer: 
-ms.technology: other
+ms.technology: windows-sec
 ---
 
 # Microsoft Security Development Lifecycle
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index 1ce02f4be2..6760e38f5a 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -40,8 +40,8 @@ This policy setting determines the behavior of all User Account Control (UAC) po
     Admin Approval Mode and all related UAC policies are disabled.
 
     > [!NOTE]
-    > If this security setting is configured to **Disabled**, the Security Center notifies the user that the overall security of the operating system has been reduced.
-     
+    > If this security setting is configured to **Disabled**, Windows Security app notifies the user that the overall security of the operating system has been reduced.
+
 ### Best practices
 
 -   Turn on this policy to allow all other UAC features and policies to function.
@@ -52,7 +52,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
 
 ### Default values
 
-The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default values for this policy. Default values are also listed on the policy's property page.
 
 | Server type or GPO | Default value |
 | - | - |
diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md
index 4ee9598673..264a762b9c 100644
--- a/windows/security/threat-protection/windows-10-mobile-security-guide.md
+++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md
@@ -120,7 +120,7 @@ In many cases, most apps don’t require enlightenment for them to use Windows I
 
 To configure Windows Information Protection in a Mobile Device Management (MDM) solution that supports it, simply add authorized apps to the allow list. When a device running Windows 10 Mobile enrolls in the MDM solution, unauthorized apps will not have access to enterprise data.
 
-Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data.
+Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Windows Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data.
 
 The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set:
 - **Block.** Windows Information Protection blocks users from completing the operation.
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
index fa6ef6f807..4112532232 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
@@ -66,7 +66,7 @@ A description of each policy rule, beginning with the left-most column, is provi
 | **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
 | **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. |
 |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
-| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
+| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). |
 | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
 | **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows–compatible driver must be WHQL certified. |
 | **Update Policy without Rebooting** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
@@ -84,7 +84,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru
 |------------ | ----------- |
 | **Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
 | **Disable Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
-| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
+| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that's only writable by an administrator) for any FileRule that allows a file based on FilePath. |
 | **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
 | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| 
 | **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. |
@@ -132,13 +132,12 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c
 
 ### File Hash Rules
 
-Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule cannot be created using the specified file rule level. 
+Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause additional administrative overhead to maintain the current product version's hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule cannot be created using the specified file rule level.
 
-
-#### Deleting Signing Rules 
+#### Deleting Signing Rules
   
 The policy signing rules list table on the left of the page will document the allow and deny rules in the template, as well as any custom rules you create. Template signing rules and custom rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. you will be prompted for additional confirmation. Select `Yes` to remove the rule from the policy and the rules table. 
 
 ## Up next
 
-- [Editing a WDAC policy using the Wizard](wdac-wizard-editing-policy.md)
\ No newline at end of file
+- [Editing a WDAC policy using the Wizard](wdac-wizard-editing-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index 9f9932bc80..ab24b47475 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -25,7 +25,7 @@ ms.technology: windows-sec
 
 You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
 
-![The security center custom fly-out.](images/security-center-custom-flyout.png)
+![The Windows Security custom fly-out.](images/security-center-custom-flyout.png)
 
 This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 7d0a3187b2..2f22a993dd 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -78,16 +78,16 @@ You can find more information about each section, including options for configur
 > [!IMPORTANT]
 > Microsoft Defender Antivirus  and the Windows Security app use similarly named services for specific purposes.  
 >
-> The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](/previous-versions/windows/it-pro/windows-xp/bb457154(v=technet.10)#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.  
+> The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service ([*wscsvc*](/previous-versions/windows/it-pro/windows-xp/bb457154(v=technet.10)#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
 >
 >These services do not affect the state of Microsoft Defender Antivirus. Disabling or modifying these services will not disable Microsoft Defender Antivirus, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.  
 >
 >Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
 >
-> Disabling the Windows Security Center service will not disable Microsoft Defender Antivirus or [Windows Defender Firewall](/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).  
+> Disabling the Windows Security Center Service will not disable Microsoft Defender Antivirus or [Windows Defender Firewall](/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
 
 > [!WARNING]
-> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
+> If you disable the Windows Security Center Service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
 >
 > It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
 >
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
index c234a83d1d..c73336b070 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
@@ -25,7 +25,7 @@ You can enable System Guard Secure Launch by using any of these options:
 
 - [Mobile Device Management (MDM)](#mobile-device-management)
 - [Group Policy](#group-policy)
-- [Windows Security Center](#windows-security-center)
+- [Windows Security app](#windows-security-app)
 - [Registry](#registry)
 
 ### Mobile Device Management
@@ -34,17 +34,17 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM)
 
 ### Group Policy
 
-1. Click **Start** > type and then click **Edit group policy**. 
+1. Click **Start** > type and then click **Edit group policy**.
 
 2. Click **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn On Virtualization Based Security** > **Secure Launch Configuration**.
 
     ![Secure Launch Configuration.](images/secure-launch-group-policy.png)
 
-### Windows Security Center
+### Windows Security app
 
 Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**.
 
-  ![Windows Security Center.](images/secure-launch-security-app.png)
+  ![Windows Security app.](images/secure-launch-security-app.png)
   
 ### Registry
 
@@ -54,7 +54,7 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** >
 
 3. Right-click **Scenarios** > **New** > **Key** and name the new key **SystemGuard**.
 
-4. Right-click **SystemGuard** > **New** > **DWORD (32-bit) Value** and name the new DWORD **Enabled**. 
+4. Right-click **SystemGuard** > **New** > **DWORD (32-bit) Value** and name the new DWORD **Enabled**.
 
 5. Double-click **Enabled**, change the value to **1**, and click **OK**.
 
@@ -64,7 +64,7 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** >
 
 To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
 
-![Verifying Secure Launch is running in the Windows Security Center.](images/secure-launch-msinfo.png)
+![Verifying Secure Launch is running in the Windows Security app.](images/secure-launch-msinfo.png)
 
 > [!NOTE]
 > To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../../identity-protection/credential-guard/credential-guard-requirements.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index fb40bad66f..84d2f5ce16 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -1,6 +1,6 @@
 ---
 title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows)
-description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
+description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
 ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3
 ms.reviewer: 
 ms.author: dansimp
@@ -34,4 +34,3 @@ Because so many of the settings and rules for this GPO are common to those in th
     >**Important:**  Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the device. If you attach a network adapter to a device that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the device.
 
 **Next:** [Boundary Zone GPOs](boundary-zone-gpos.md)
-
diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index b7b6b4220a..176668f48e 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -14,6 +14,8 @@
 - name: Windows 10
   expanded: true
   items:
+    - name: What's new in Windows 10, version 21H2
+      href: whats-new-windows-10-version-21H2.md
     - name: What's new in Windows 10, version 21H1
       href: whats-new-windows-10-version-21H1.md
     - name: What's new in Windows 10, version 20H2
diff --git a/windows/whats-new/ltsc/TOC.yml b/windows/whats-new/ltsc/TOC.yml
index aaabcc56ee..d7d88350ef 100644
--- a/windows/whats-new/ltsc/TOC.yml
+++ b/windows/whats-new/ltsc/TOC.yml
@@ -1,6 +1,8 @@
 - name: Windows 10 Enterprise LTSC
   href: index.md
   items: 
+    - name: What's new in Windows 10 Enterprise LTSC 2021
+      href: whats-new-windows-10-2021.md
     - name: What's new in Windows 10 Enterprise LTSC 2019
       href: whats-new-windows-10-2019.md
     - name: What's new in Windows 10 Enterprise LTSC 2016
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 7e088e312d..79aab127a3 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.author: greglin
-manager: laurawi
+manager: dougeby
 ms.localizationpriority: low
 ms.topic: article
 ---
@@ -22,6 +22,7 @@ ms.topic: article
 
 This topic provides links to articles with information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel. 
 
+[What's New in Windows 10 Enterprise LTSC 2021](whats-new-windows-10-2021.md)
                    
 [What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
                    
 [What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)
                    
 [What's New in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md)
@@ -35,14 +36,15 @@ The following table summarizes equivalent feature update versions of Windows 10
 | Windows 10 Enterprise LTSC 2015  | Windows 10, Version 1507 | 7/29/2015 |
 | Windows 10 Enterprise LTSC 2016  | Windows 10, Version 1607 | 8/2/2016 |
 | Windows 10 Enterprise LTSC 2019  | Windows 10, Version 1809 | 11/13/2018 |
+| Windows 10 Enterprise LTSC 2021  | Windows 10, Version 21H2 | 11/16/2021 |
 
->[!NOTE]
->The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
+> [!NOTE]
+> The Long-Term Servicing Channel was previously called the Long-Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
 
 With the LTSC servicing model, customers can delay receiving feature updates and instead only receive monthly quality updates on devices. Features from Windows 10 that could be updated with new functionality, including Cortana, Edge, and all in-box Universal Windows apps, are also not included. Feature updates are offered in new LTSC releases every 2–3 years instead of every 6 months, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft is committed to providing bug fixes and security patches for each LTSC release during this 10 year period. 
 
->[!IMPORTANT]
->The Long-Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
+> [!IMPORTANT]
+> The Long-Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
  
 For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 256dad7a3a..20366cd3bd 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -36,11 +36,11 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use
 
 ## Microsoft Intune
 
-Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later.  This includes support for features such as [Windows Autopilot](#windows-autopilot). However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use [Policy configuration service provider](/windows/client-management/mdm/policy-csp-update), WSUS, or Configuration Manager for patching.
+Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, note that Windows 10 Update Rings Device profiles do not support LTSC releases, therefore you should use [Policy configuration service provider](/windows/client-management/mdm/policy-csp-update), WSUS, or Configuration Manager for patching.
 
 ## Security
 
-This version of Window 10 includes security improvements for threat protection, information protection, and identity protection.
+This version of Windows 10 includes security improvements for threat protection, information protection, and identity protection.
 
 ### Threat protection
 
@@ -48,7 +48,7 @@ This version of Window 10 includes security improvements for threat protection,
 
 The [Microsoft Defender for Endpoint](/windows/security/threat-protection/index) platform includes the security pillars shown in the following diagram. In this version of Windows, Defender for Endpoint includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. 
 
-![Microsoft Defender for Endpoint.](../images/wdatp.png)
+[ ![Microsoft Defender for Endpoint.](../images/wdatp.png) ](../images/wdatp.png#lightbox)
 
 ##### Attack surface reduction 
 
@@ -188,26 +188,6 @@ This is an update to the [BitLocker CSP](/windows/client-management/mdm/bitlocke
 
 This feature will soon be enabled on Olympia Corp as an optional feature.
 
-#### Delivering BitLocker policy to AutoPilot devices during OOBE 
-
-You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. 
-
-For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
-
-To achieve this:
-
-1. Configure the [encryption method settings](/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
-
-2. [Assign the policy](/intune/device-profile-assign) to your Autopilot device group. 
-
-   > [!IMPORTANT]
-   > The encryption policy must be assigned to **devices** in the group, not users.
-
-3. Enable the Autopilot [Enrollment Status Page](/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. 
-
-   > [!IMPORTANT]
-   > If the ESP is not enabled, the policy will not apply before encryption starts.
-
 ### Identity protection
 
 Improvements have been added are to Windows Hello for Business and Credential Guard.
@@ -288,24 +268,11 @@ A new security policy setting
 
 We’ve continued to work on the **Current threats** area in  [Virus & threat protection](/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen: 
 
-![S mode settings.](../images/virus-and-threat-protection.png "Virus & threat protection settings")
+> [!div class="mx-imgBorder"]
+> ![Virus & threat protection settings in Windows S mode.](../images/virus-and-threat-protection.png)
 
 ## Deployment
 
-### Windows Autopilot
-
-[Windows Autopilot](/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise LTSC 2019 (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. 
-
-Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) or this article for updated information.
-
-Using Intune, Autopilot now enables locking the device during provisioning during the Windows Out Of Box Experience (OOBE) until policies and settings for the device get provisioned, thereby ensuring that by the time the user gets to the desktop, the device is secured and configured correctly. 
-
-You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see [Manage Windows device deployment with Windows Autopilot Deployment](/microsoft-store/add-profile-to-devices).
-
-#### Autopilot Reset	
-
-IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](/education/windows/autopilot-reset).
-
 ### MBR2GPT.EXE
 
 MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise LTSC 2019 (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
new file mode 100644
index 0000000000..6364bc3fd1
--- /dev/null
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -0,0 +1,248 @@
+---
+title: What's new in Windows 10 Enterprise LTSC 2021
+ms.reviewer: 
+manager: dougeby
+ms.author: greglin
+description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2021.
+keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2021"]
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: greg-lindsay
+ms.localizationpriority: low
+ms.topic: article
+---
+
+# What's new in Windows 10 Enterprise LTSC 2021
+
+**Applies to**
+-   Windows 10 Enterprise LTSC 2021
+
+This article lists new and updated features and content that is of interest to IT Pros for Windows 10 Enterprise LTSC 2021, compared to Windows 10 Enterprise LTSC 2019 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md).
+
+> [!NOTE]
+> Features in Windows 10 Enterprise LTSC 2021 are equivalent to Windows 10, version 21H2.
                    
+> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited.
+
+Windows 10 Enterprise LTSC 2021 builds on Windows 10 Enterprise LTSC 2019, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities. 
+
+The Windows 10 Enterprise LTSC 2021 release includes the cumulative enhancements provided in Windows 10 versions 1903, 1909, 2004, 21H1, and 21H2. Details about these enhancements are provided below. 
+
+## Lifecycle
+
+> [!IMPORTANT]
+> Windows 10 Enterprise LTSC 2021 has a 5 year lifecycle ([IoT](/windows/iot/product-family/what's-new-in-windows-10-iot-enterprise-21h2) continues to have a [10 year lifecycle](/windows/iot/product-family/product-lifecycle?tabs=2021)). Thus, the LTSC 2021 release is not a direct replacement for LTSC 2019, which has a 10 year lifecycle.
+
+For more information about the lifecycle for this release, see [The next Windows 10 Long Term Servicing Channel (LTSC) release](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-next-windows-10-long-term-servicing-channel-ltsc-release/ba-p/2147232).
+
+## Hardware security
+
+### System Guard
+
+[System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows) has improved a feature in this version of Windows called **SMM Firmware Protection**. This feature is built on top of [System Guard Secure Launch](/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) to reduce the firmware attack surface and ensure that the System Management Mode (SMM) firmware on the device is operating in a healthy manner - specifically, SMM code cannot access the OS memory and secrets.
+
+In this release, [Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) enables an even *higher* level of [System Management Mode](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows#system-management-mode-smm-protection) (SMM) Firmware Protection that goes beyond checking the OS memory and secrets to other resources like registers and IO.
+
+With this improvement, the OS can detect a higher level of SMM compliance, enabling devices to be even more hardened against SMM exploits and vulnerabilities. Based on the platform, the underlying hardware and firmware, there are three versions of SMM Firmware Protection (one, two and three), with each subsequent versions offering stronger protections than the preceding ones. 
+
+There are already devices in the market today that offer SMM Firmware Protection versions one and two. SMM Firmware Protection version three This feature is currently forward-looking and requires new hardware that will be made available soon.
+
+## Operating system security
+
+### System security
+
+[Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations. 
+
+### Encryption and data protection
+
+BitLocker and Mobile Device Management (MDM) with Azure Active Directory work together to protect your devices from accidental password disclosure. Now, a new key-rolling feature securely rotates recovery passwords on MDM-managed devices. The feature is activated whenever Microsoft Intune/MDM tools or a recovery password is used to unlock a BitLocker protected drive. As a result, the recovery password will be better protected when users manually unlock a BitLocker drive.
+
+### Network security
+
+#### Windows Defender Firewall
+
+Windows Defender Firewall now offers the following benefits: 
+
+**Reduce risk**: Windows Defender Firewall reduces the attack surface of a device with rules to restrict or allow traffic by many properties, such as IP addresses, ports, or program paths. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack. 
+
+**Safeguard data**: With integrated Internet Protocol Security (IPsec), Windows Defender Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. 
+
+**Extend value**: Windows Defender Firewall is a host-based firewall that is included with the operating system, so there is no additional hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). 
+
+The Windows Defender Firewall is also now easier to analyze and debug. IPsec behavior has been integrated with Packet Monitor (pktmon), an in-box cross-component network diagnostic tool for Windows. 
+
+Additionally, the Windows Defender Firewall event logs have been enhanced to ensure an audit can identify the specific filter that was responsible for any given event. This enables analysis of firewall behavior and rich packet capture without relying on other tools.
+
+Windows Defender Firewall also now supports [Windows Subsystem for Linux (WSL)](/windows/wsl/); You can add rules for WSL process, just like for Windows processes. For more information, see [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97).
+
+### Virus and threat protection
+
+[Attack surface area reduction](/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URL’s and IP addresses.
+[Next generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
+  - Integrity enforcement capabilities – Enable remote runtime attestation of Windows 10 platform.
+  - [Tamper-proofing](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) capabilities – Uses virtualization-based security to isolate critical Microsoft Defender for Endpoint security capabilities away from the OS and attackers.
+[Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) – In addition to Windows 10, Microsoft Defender for Endpoint’s functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
+
+**Advanced machine learning**: Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
+
+**Emergency outbreak protection**: Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
+
+**Certified ISO 27001 compliance**: Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
+
+**Geolocation support**: Support geolocation and sovereignty of sample data as well as configurable retention policies.
+
+**Improved support for non-ASCII file paths** for Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
+
+> [!NOTE]
+> The [DisableAntiSpyware](/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) parameter is deprecated in this release.
+
+## Application security
+
+### App isolation
+
+[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
+
+#### Microsoft Defender Application Guard
+
+[Microsoft Defender Application Guard](/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements include: 
+  - Standalone users can install and configure their Windows Defender Application Guard settings without needing to change registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
+  - Application Guard is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend Application Guard’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the Application Guard extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigation to the Application Guard Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch Application Guard from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+    To try this extension: 
+    1. Configure Application Guard policies on your device.
+    2. Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
+    3. Follow any additional configuration steps on the extension setup page.
+    4. Reboot the device.
+    5. Navigate to an untrusted site in Chrome and Firefox.
+
+  **Dynamic navigation**: Application Guard now allows users to navigate back to their default host browser from the Application Guard Microsoft Edge. Previously, users browsing in Application Guard Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in Application Guard Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+Application Guard performance is improved with optimized document opening times:
+- An issue is fixed that could cause a one minute or more delay when you open a Microsoft Defender Application Guard (Application Guard) Office document. This can occur when you try to open a file using a Universal Naming Convention (UNC) path or Server Message Block (SMB) share link.
+- A memory issue is fixed that could cause an Application Guard container to use almost 1 GB of working set memory when the container is idle.
+- The performance of Robocopy is improved when copying files over 400 MB in size.
+
+[Edge support for Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard) has been available for Chromium-based Edge since early 2020.
+
+**Application Guard now supports Office**: With [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/install-app-guard), you can launch untrusted Office documents (from outside the Enterprise) in an isolated container to prevent potentially malicious content from compromising your device.
+
+### Application Control
+
+[Application Control for Windows](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC added a number of new features that light up key scenarios and provide feature parity with AppLocker.
+  - [Multiple Policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side by side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy.
+  - [Path-Based Rules](/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
                    
+    This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker.
+  - [Allow COM Object Registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
+
+## Identity and privacy
+
+### Secured identity
+
+Windows Hello enhancements include:
+- Windows Hello is now supported as Fast Identity Online 2 (FIDO2) authenticator across all major browsers including Chrome and Firefox.
+- You can now enable passwordless sign-in for Microsoft accounts on your Windows 10 device by going to **Settings > Accounts > Sign-in options**, and selecting **On** under **Make your device passwordless**. Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN.
+- Windows Hello PIN sign-in support is [added to Safe mode](/windows-insider/archive/new-in-20H1#windows-hello-pin-in-safe-mode-build-18995).
+- Windows Hello for Business now has Hybrid Azure Active Directory support and phone number sign-in (MSA). FIDO2 security key support is expanded to Azure Active Directory hybrid environments, enabling enterprises with hybrid environments to take advantage of [passwordless authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Expanding Azure Active Directory support for FIDO2 preview to hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/expanding-azure-active-directory-support-for-fido2-preview-to/ba-p/981894).
+- With specialized hardware and software components available on devices shipping with Windows 10, version 20H2 configured out of factory, Windows Hello now offers added support for virtualization-based security with supporting fingerprint and face sensors. This feature isolates and secures a user's biometric authentication data.
+- Windows Hello multi-camera support is added, allowing users to choose an external camera priority when both external and internal Windows Hello-capable cameras are present.
+- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
+- [Streamlined Windows Hello PIN reset experience](/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
+- [Remote Desktop with Biometrics](/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
+
+### Credential protection
+
+#### Windows Defender Credential Guard
+
+[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) is now available for ARM64 devices, for additional protection against credential theft for enterprises deploying ARM64 devices in their organizations, such as Surface Pro X.
+
+### Privacy controls
+
+[Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
+
+## Cloud Services
+
+### Microsoft Endpoint Manager
+
+Configuration Manager, Intune, Desktop Analytics, Co-Management, and Device Management Admin Console are now [Microsoft Endpoint Manager](/configmgr/). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/). Also see [Modern management and security principles driving our Microsoft Endpoint Manager vision](https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Modern-management-and-security-principles-driving-our-Microsoft/ba-p/946797).
+
+### Configuration Manager
+
+An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
+
+#### Microsoft Intune
+
+Microsoft Intune supports Windows 10 Enterprise LTSC 2021, except for [Windows Update Rings](/mem/intune/configuration/device-profile-create#create-the-profile) in device profiles.
+
+A new Intune remote action: **Collect diagnostics**, lets you collect the logs from corporate devices without interrupting or waiting for the end user. For more information, see [Collect diagnostics remote action](/mem/intune/fundamentals/whats-new#collect-diagnostics-remote-action).
+
+Intune has also added capabilities to [Role-based access control](/mem/intune/fundamentals/whats-new#role-based-access-control) (RBAC) that can be used to further define profile settings for the Enrollment Status Page (ESP). For more information see [Create Enrollment Status Page profile and assign to a group](/mem/intune/enrollment/windows-enrollment-status#create-enrollment-status-page-profile-and-assign-to-a-group). 
+
+For a full list of what's new in Microsoft Intune, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new).
+
+### Mobile Device Management
+
+Mobile Device Management (MDM) policy is extended with new [Local Users and Groups settings](/windows/client-management/mdm/policy-csp-localusersandgroups) that match the options available for devices managed through Group Policy.
+
+For more information about what's new in MDM, see [What's new in mobile device enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management)
+
+Windows Management Instrumentation (WMI) Group Policy Service (GPSVC) has a performance improvement to support remote work scenarios:
+- An issue is fixed that caused changes by an Active Directory (AD) administrator to user or computer group memberships to propagate slowly. Although the access token eventually updates, these changes might not appear when the administrator uses gpresult /r or gpresult /h to create a report.
+
+#### Key-rolling and Key-rotation
+
+This release also includes two new features called Key-rolling and Key-rotation enables secure rolling of Recovery passwords on MDM-managed AAD devices on demand from Microsoft Intune/MDM tools or when a recovery password is used to unlock the BitLocker protected drive. This feature will help prevent accidental recovery password disclosure as part of manual BitLocker drive unlock by users.
+
+## Deployment
+
+### SetupDiag
+
+[SetupDiag](/windows/deployment/upgrade/setupdiag) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. 
+
+### Reserved storage
+
+[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space.  Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs.  It will not be enabled when updating from a previous version of Windows 10. 
+
+### Windows Assessment and Deployment Toolkit (ADK)
+
+A new [Windows ADK](/windows-hardware/get-started/adk-install) is available for Windows 11 that also supports Windows 10, version 21H2.
+
+### Microsoft Deployment Toolkit (MDT)
+
+For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
+
+### Windows Setup
+
+Windows Setup [answer files](/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs) (unattend.xml) have improved language handling.
+
+Improvements in Windows Setup with this release also include:
+- Reduced offline time during feature updates
+- Improved controls for reserved storage
+- Improved controls and diagnostics
+- New recovery options
+
+For more information, see Windows Setup enhancements in the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/pilot-new-features-with-the-windows-insider-program-for-business/ba-p/1220464).
+
+## Microsoft Edge
+
+Microsoft Edge Browser support is now included in-box.
+
+### Microsoft Edge kiosk mode
+
+Microsoft Edge kiosk mode is available for LTSC releases starting in Windows 10 Enterprise 2021 LTSC and [Windows 10 IoT Enterprise 2021 LTSC](/windows/iot/product-family/what's-new-in-windows-10-iot-enterprise-21h2).
+
+Microsoft Edge kiosk mode offers two lockdown experiences of the browser so organizations can create, manage, and provide the best experience for their customers. The following lockdown experiences are available:
+- Digital/Interactive Signage experience - Displays a specific site in full-screen mode.
+- Public-Browsing experience - Runs a limited multi-tab version of Microsoft Edge.
+- Both experiences are running a Microsoft Edge InPrivate session, which protects user data.
+
+## Windows Subsystem for Linux
+
+Windows Subsystem for Linux (WSL) is be available in-box.
+
+## Networking
+
+WPA3 H2E standards are supported for enhanced Wi-Fi security.
+
+## See Also
+
+[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release.
diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md
index 80fd32b4a9..51abfb8e57 100644
--- a/windows/whats-new/whats-new-windows-10-version-1709.md
+++ b/windows/whats-new/whats-new-windows-10-version-1709.md
@@ -93,7 +93,7 @@ Microsoft Defender for Endpoint has been expanded with powerful analytics, secur
 
 Windows Defender Application Guard hardens a favorite attacker entry-point by isolating malware and other threats away from your data, apps, and infrastructure. For more information, see [Windows Defender Application Guard overview](/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview).
 
-### Window Defender Exploit Guard
+### Windows Defender Exploit Guard
 
 Window Defender Exploit Guard provides intrusion prevention capabilities to reduce the attack and exploit surface of applications. Exploit Guard has many of the threat mitigations that were available in Enhanced Mitigation Experience Toolkit (EMET) toolkit, a deprecated security download. These mitigations are now built into Windows and configurable with Exploit Guard. These mitigations include [Exploit protection](/microsoft-365/security/defender-endpoint/enable-exploit-protection), [Attack surface reduction protection](/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction), [Controlled folder access](/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access), and [Network protection](/microsoft-365/security/defender-endpoint/enable-network-protection).
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md
index 74eb1725e2..e3e4fd0740 100644
--- a/windows/whats-new/whats-new-windows-10-version-1903.md
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@@ -35,21 +35,13 @@ This article lists new and updated features and content that are of interest to
 - Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
 - Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
 
-### Windows 10 Subscription Activation
-
-Windows 10 Education support has been added to Windows 10 Subscription Activation.
-
-With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions – Windows 10 Education. For more information, see [Windows 10 Subscription Activation](/windows/deployment/windows-10-subscription-activation).
-
 ### SetupDiag
 
-[SetupDiag](/windows/deployment/upgrade/setupdiag) version 1.4.1 is available.
-
-SetupDiag is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. 
+[SetupDiag](/windows/deployment/upgrade/setupdiag) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. 
 
 ### Reserved storage
 
-[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space.  Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs.  It will not be enabled when updating from a previous version of Windows 10. 
+[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space.  Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 or later pre-installed, and for clean installs.  It will not be enabled when updating from a previous version of Windows 10. 
 
 ## Servicing
 
@@ -102,7 +94,7 @@ The draft release of the [security configuration baseline settings](/archive/blo
 
 - [Windows Defender Application Guard](/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements: 
   - Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
-  - WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAG’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+  - WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAG’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigation to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
 
     To try this extension: 
     1. Configure WDAG policies on your device.
diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md
new file mode 100644
index 0000000000..af508674f5
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-10-version-21H2.md
@@ -0,0 +1,78 @@
+---
+title: What's new in Windows 10, version 21H2 for IT pros
+description: Learn more about what's new in Windows 10 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
+ms.reviewer: 
+manager: dougeby
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mobile
+ms.author: mandia
+author: MandiOhlinger
+ms.localizationpriority: medium
+ms.topic: article
+---
+
+# What's new in Windows 10, version 21H2
+
+**Applies to**:
+
+- Windows 10, version 21H2
+
+Windows 10, version 21H2 is the next feature update. This article lists the new and updated features IT Pros should know. Windows 10, version 21H2 is also known as the Windows 10 November 2021 Update. It includes all features and fixes in previous cumulative updates to Windows 10, version 21H1.
+
+Windows 10, version 21H2 is an [H2-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), and has the following servicing schedule:
+
+- **Windows 10 Professional**: Serviced for 18 months from the release date.
+- **Windows 10 Enterprise**: Serviced for 30 months from the release date.
+
+Windows 10, version 21H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/2021/11/16/how-to-get-the-windows-10-november-2021-update/) and [IT tools to support Windows 10, version 21H2 blog](https://aka.ms/tools-for-21h2).
+
+Devices running Windows 10, versions 2004, 20H2, and 21H1 can update quickly to version 21H2 using an enablement package. For more information, see [Feature Update through Windows 10, version 21H2 Enablement Package](https://support.microsoft.com/help/5003791).
+
+To learn more about the status of the November 2021 Update rollout, known issues, and new information, see [Windows release health](/windows/release-health/).
+
+## Updates and servicing
+
+Windows 10, version 21H2 feature updates are installed annually using the General Availability Channel. Previous feature updates were installed using the Semi-Annual Channel. For more information on this change, see the [How to get the Windows 10 November 2021 Update](https://blogs.windows.com/windowsexperience/?p=176473).
+
+Quality updates are still installed monthly on patch Tuesday.
+
+For more information, see:
+
+- [Feature and quality update definitions](/windows/deployment/update/waas-quick-start#definitions)
+- [Windows servicing channels](/windows/deployment/update/waas-overview#servicing-channels)
+
+## GPU compute support for the Windows Subsystem for Linux
+
+Starting with Windows 10 version 21H2, the Windows Subsystem for Linux has full graphics processing unit (GPU) compute support. It was available to Windows Insiders, and is now available to everyone. The Linux binaries can use your Windows GPU, and run different workloads, including artificial intelligence (AI) and machine learning (ML) development workflows.
+
+For more information, and what GPU compute support means for you, see the [GPU accelerated ML training inside the Windows Subsystem for Linux blog post](https://blogs.windows.com/windowsdeveloper/2020/06/17/gpu-accelerated-ml-training-inside-the-windows-subsystem-for-linux/).
+
+## Get the latest CSPs
+
+The [KB5005101  September 1, 2021 update](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1) includes about 1400 CSPs that were made available to MDM providers.
+
+These CSPs are built in to Windows 10, version 21H2. These settings are available in Endpoint Manager in the [Settings Catalog](/mem/intune/configuration/settings-catalog). [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) also includes these GPOs in its analysis.
+
+For more information on the CSPs, see the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
+
+## Apps appear local with Azure Virtual Desktop
+
+Azure virtual desktop is a Windows client OS hosted in the cloud, and runs virtual apps. You use the cloud to deliver virtual apps in real time, and as-needed. Users use the apps as if they're installed locally.
+
+You can create Azure virtual desktops that run Windows 10 version 21H2.
+
+For more information, see:
+
+- [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview)
+- [What's new in Azure Virtual Desktop?](/azure/virtual-desktop/whats-new)
+- [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal)
+
+## Wi-Fi 6E support
+
+Also known as 802.11ax, Wi-Fi 6E support is built in to Windows 10, version 21H2. Wi-Fi 6E has new channel frequencies that are dedicated to 6E devices, and is more performant for apps that use more bandwidth.
+
+## Related articles
+
+- [Release notes for Microsoft Edge Stable Channel](/deployedge/microsoft-edge-relnote-stable-channel)
diff --git a/windows/whats-new/windows-11-whats-new.md b/windows/whats-new/windows-11-whats-new.md
index 4eafe42218..af406cd7e7 100644
--- a/windows/whats-new/windows-11-whats-new.md
+++ b/windows/whats-new/windows-11-whats-new.md
@@ -149,7 +149,7 @@ For more information on the security features you can configure, manage, and enf
 
 - Your Windows 10 apps will also work on Windows 11. **[App Assure](https://www.microsoft.com/fasttrack/microsoft-365/app-assure)** is also available if there are some issues.
 
-  You can continue to use **MSIX packages** for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use **Windows Package Manager** to install Windows apps. Use **Azure Virtual desktop with MSIX app attach** to virtualize desktops and apps. For more information on these features, see [Overview of apps on Windows client devices](/windows/application-management/apps-in-windows-10).
+  You can continue to use **MSIX packages** for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use **Windows Package Manager** to install Windows apps. You can create **Azure virtual desktops** that run Windows 11. Use **Azure Virtual desktop with MSIX app attach** to virtualize desktops and apps. For more information on these features, see [Overview of apps on Windows client devices](/windows/application-management/apps-in-windows-10).
 
   In the **Settings** app > **Apps**, users can manage some of the app settings. For example, they can get apps anywhere, but let the user know if there's a comparable app in the Microsoft Store. They can also choose which apps start when they sign in.