From cfa97c0011078c0f673d1025762e8f329002e6f5 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Mon, 3 Aug 2020 08:21:11 -0700 Subject: [PATCH 01/69] Edit pass: provisioning-create-package Changes coming, do not review/merge yet. --- .../provisioning-packages/provisioning-create-package.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 035bdf4010..3c75f63d1f 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -21,12 +21,12 @@ manager: dansimp - Windows 10 - Windows 10 Mobile -You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. +You can use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings, and then apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md) ->[!TIP] ->We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain. +> [!TIP] +> We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain. ## Start a new project From a75c6ecfffa08ea71fe6c5ddfb10ff6a4267ad4d Mon Sep 17 00:00:00 2001 
From: Adam Gross Date: Wed, 5 Aug 2020 10:36:42 -0500 Subject: [PATCH 02/69] Updated several app names that have changed I have updated the names of several apps. Can someone also update this list for Windows 10 2004? --- .../application-management/apps-in-windows-10.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index c27ad32063..9d150d9583 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md 
@@ -51,13 +51,13 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a | Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No | | Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | | Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | | Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No | | Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | | 
Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | | Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | 
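Review bot: The renames in the Microsoft.MicrosoftOfficeHub, Microsoft.Office.OneNote and Microsoft.OneConnect rows overwrite the single display-name column that this table shares across every Windows 10 version named in the hunk header ("versions 1803, 1809, 1903, a..."), so a reader on an older build may see a name that does not match what that build shows. Consider keeping the previous name alongside the new one, for example "Office (formerly My Office)", or stating which version the names were taken from. While touching this block, please also confirm two context rows are intentional: Microsoft.Outlook.DesktopIntegrationServices has no display name and an empty last column, and Microsoft.Microsoft3DViewer is still labelled "Mixed Reality Viewer".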
@@ -77,10 +77,10 @@ Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, a | Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | | Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No | 
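Review bot: In the Xbox rows the label "Xbox Game Bar" moves from Microsoft.XboxGameOverlay to Microsoft.XboxGamingOverlay, two package names that differ by only a few letters, so anyone who built an app removal or allow-list script from the display names in the previous revision will now map that label to a different package. Please verify both rows against an installed image, and add a sentence above the table saying that the package name in the first column is the identifier to script against because display names change between releases. The Microsoft.XboxSpeechToTextOverlay context row still has an empty name cell.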
From e401b14fa5746aabd67000c2180a87ef70b3b772 Mon Sep 17 00:00:00 2001 From: Russ Rimmerman Date: Sat, 8 Aug 2020 19:56:12 -0500 Subject: [PATCH 03/69] Update open-the-group-policy-management-console-to-windows-firewall.md This heading doesn't seem to make sense and it's lacking sufficient wording in the navigation pane --- ...e-group-policy-management-console-to-windows-firewall.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index bce220a506..134a6bb928 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -1,6 +1,6 @@ --- -title: Open a GPO to Windows Defender Firewall (Windows 10) -description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security +title: Group Policy Management of Windows Defender Firewall (Windows 10) +description: Group Policy Management of Windows Defender Firewall with Advanced Security ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 ms.reviewer: ms.author: dansimp @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 04/02/2017 --- -# Open the Group Policy Management Console to Windows Defender Firewall +# Group Policy Management of Windows Defender Firewall **Applies to** - Windows 10 From 0556754e06163a59cb6327d134f90fa04f54ce34 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 12 Aug 2020 09:39:45 +0500 Subject: [PATCH 04/69] Update bitlocker-to-go-faq.md --- .../information-protection/bitlocker/bitlocker-to-go-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
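Review bot: On [PATCH 03/69], the new title, description and H1 in open-the-group-policy-management-console-to-windows-firewall.md all drop the verb, so the page no longer reads as the procedure its file name still describes ("open-the-group-policy-management-console-to-..."), and the title and description are now the same phrase. If the goal is clearer wording in the navigation pane, keep the action in the heading (for example "Open Group Policy Management Console to Windows Defender Firewall") and give the description a sentence that differs from the title. The ms.date line in the context (04/02/2017) is also left unchanged by this edit.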
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index e8bd11f12b..275443414a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -24,7 +24,7 @@ ms.date: 07/10/2018 ## What is BitLocker To Go? -BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. +BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements). As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. From 6a3aabb8663ecefec0c988147f4beea056cd1ac4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 12 Aug 2020 17:13:42 +0500 Subject: [PATCH 05/69] Update network-access-restrict-clients-allowed-to-make-remote-sam-calls.md --- ...ccess-restrict-clients-allowed-to-make-remote-sam-calls.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
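Review bot: On [PATCH 04/69], the sentence added under "What is BitLocker To Go?" says drive partitioning "must meet" the linked requirements but does not say which requirement applies to a removable data drive, and the link points into the windows-hardware/manufacture/desktop documentation rather than to anything about removable media. Please state the concrete requirement inline and keep the link as the reference, so a reader encrypting a USB drive does not have to infer it from a page aimed at a different audience. The commit has no message body explaining what prompted the change, and ms.date (07/10/2018 in the hunk header) is not updated.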
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index f5a0e5c08f..ed9022b411 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -91,9 +91,9 @@ In other words, the hotfix in each KB article provides the necessary code and fu | |Default SDDL |Translated SDDL| Comments |---|---|---|---| -|Windows Server 2016 domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.| +|Windows Server 2016 (or later) domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.| |Earlier domain controller |-|-|No access check is performed by default.| -|Windows 10, version 1607 non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
  AceType:0x00
  (ACCESS\_ALLOWED_ACE_TYPE)
  AceSize:0x0018
  InheritFlags:0x00
  Access Mask:0x00020000
  AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)

  SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. | +|Windows 10, version 1607 (or later) non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
  AceType:0x00
  (ACCESS\_ALLOWED_ACE_TYPE)
  AceSize:0x0018
  InheritFlags:0x00
  Access Mask:0x00020000
  AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)

  SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. | |Earlier non-domain controller |-|-|No access check is performed by default.| ## Policy management From 69428242703c27f768b02fcd5b8845563324f56a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 12 Aug 2020 14:26:33 -0700 Subject: [PATCH 06/69] adding topic, started formatting --- .../troubleshooting-uwp-firewall.md | 2074 +++++++++++++++++ 1 file changed, 2074 insertions(+) create mode 100644 windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md new file mode 100644 index 0000000000..dbc2f8af22 --- /dev/null +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md 
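Review bot: On [PATCH 05/69], adding "(or later)" to the "Windows 10, version 1607 non-domain controller" row still leaves Windows Server 2016 and later member servers without an explicit row: the table now has "Windows Server 2016 (or later) domain controller", "Earlier domain controller", "Windows 10, version 1607 (or later) non-domain controller" and "Earlier non-domain controller". Since this default decides who may make remote SAM calls, please name the server SKUs in the non-domain-controller row if the O:SYG:SYD:(A;;RC;;;BA) default applies to them too, or add a separate row if it does not. As the Translated SDDL cell is being rewritten anyway, the inconsistent escaping in "ACCESS\_ALLOWED_ACE_TYPE" and the missing trailing pipe on the header row "| |Default SDDL |Translated SDDL| Comments" could be fixed in the same change.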
@@ -0,0 +1,2074 @@ +--- +title: Troubleshooting UWP App Connectivity Issues in Windows Firewall +description: Troubleshooting UWP App Connectivity Issues in Windows Firewall + +ms.reviewer: +ms.author: dansimp +ms.prod: w10 +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: dansimp +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: troubleshooting +--- + +# Troubleshooting UWP App Connectivity Issues + +This document is intended to help network admins, support engineers, and developers to +investigate UWP app network connectivity issues. + +# Introduction + +This document guides you through steps to debug different Universal Windows Platform (UWP) app network connectivity issues by providing practical case examples. + +UWP app network connectivity issues typically stem from one of the following causes: + +1. The UWP app was not permitted to receive loopback traffic (this must be configured as, by default, a UWP app is not allowed to receive loopback traffic). +2. The UWP app is missing the proper capability tokens. +3. The private range is configured incorrectly (i.e. set incorrectly through GP/MDM policies, etc.) + +To understand these causes more thoroughly, there are several concepts that should be reviewed. + +The traffic of network packets (e.g. what's permitted and what’s not) on Windows is ultimately determined by the Windows Filtering Platform (WFP). When a UWP app +or the private range is configured incorrectly, it affects how the UWP app’s network traffic will be processed by WFP. + +When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match the filter conditions of any filters, leading the packet to be dropped by a default block filter. 
The presence of the default block +filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach, ensuring the application’s granular access to each resource type and preventing the application from “escaping” its environment. + +For more information on the filter arbitration algorithm and network isolation, +please read [Filter +Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration) +and +[Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation). + +The next sections will cover debugging case examples for loopback and +non-loopback UWP app network connectivity issues. + +> [!NOTE] +> As improvements to debugging and diagnostics around the Windows Filtering Platform are made, the trace examples in this document may not exactly match the +traces collected on an older Windows build. + +# Debugging UWP App Loopback scenarios + +If you have a scenario where you are establishing a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. + +To enable loopback for client outbound connections, run the following in a command prompt: + +`CheckNetIsolation.exe LoopbackExempt -a -n=\` + +To enable loopback for server inbound connections, please run the following in a +command prompt: + +`CheckNetIsolation.exe LoopbackExempt -is -n=\` + +You can ensure loopback is enabled by checking the appx manifests of both the +sender and receiver. + +For more information about loopback scenarios, please read [Communicating with +localhost +(loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback) + +# Debugging Live Drops + +If the issue happened recently, but you find you are not able to reproduce the +issue, go to Debugging Past Drops for the appropriate trace commands. 
+ +If you can consistently reproduce the issue, then you can run the following in +an admin command prompt to gather a fresh trace: + +``` +Netsh wfp capture start keywords=19 +\ +Netsh wfp capture stop +``` + +The above commands will generate a wfpdiag.cab. Inside the .cab exists a +wfpdiag.xml, which contains any allow or drop netEvents and filters that existed +during that repro. Without “keywords=19”, the trace will only collect drop +netEvents. + +Inside the wfpdiag.xml, search for netEvents which have +FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant +drop events, search for the drop events with matching destination IP address, +package SID, or application ID name. The characters in the application ID name +will be separated by periods: +``` +(ex) + +\ + +\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... + +\ +``` +The netEvent will have more information about the packet that was dropped +including information about its capabilities, the filter that dropped the +packet, and much more. + +## Case 1: UWP app connects to Internet target address with all capabilities + +In this example, the UWP app successfully connects to bing.com +[2620:1ec:c11::200]. + +A packet from a UWP app needs the correct networking capability token for the +resource it is trying to reach. + +In this scenario, the app could successfully send a packet to the Internet +target because it had an Internet capability token. + +The following shows the allow netEvent of the app connecting to the target IP. +The netEvent contains information about the packet including its local address, +remote address, capabilities, etc. 
+ +```**Classify Allow netEvent, Wfpdiag-Case-1.xml** + +\ +\ +> \2020-05-21T17:25:59.070Z\ +> \ +> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ +> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ +> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ +> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ +> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ +> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ +> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ +> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ +> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ +> \ +> \FWP_IP_VERSION_V6\ +> \6\ +> \2001:4898:30:3:256c:e5ba:12f3:beb1\ \2620:1ec:c11::200\ +\52127\ +\443\ +\0\ +\ +> \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\ +> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ +\ +\S-1-5-21-2993214446-1947230185-131795049-1000\ +\FWP_AF_INET6\ +\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ +\ +\0\ +\ +\ +\FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ +\ +> \125918\ +> \50\ +> \0\ +> \1\ +> \1\ +\ +\ +\ +\0000000000000000\ +\ +> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ +> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ +\ +\0\ +\ +\ +> \ + \125918\ +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + \FWP_ACTION_PERMIT\ +> \ +> \ + \121167\ + \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + \FWP_ACTION_PERMIT\ + \ +\ +\ +\ +``` + +The following is the filter that permitted the packet to be sent to the target +address according to the terminatingFiltersInfo in the netEvent. This packet was +allowed by Filter \#125918 which is from the InternetClient Default Rule. 
+ +**InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml** +``` +\ + +> \{3389708e-f7ae-4ebc-a61a-f659065ab24e}\ + +> \ + +> \InternetClient Default Rule\ + +> \InternetClient Default Rule\ + +> \ + +> \ + +> \FWPM_PROVIDER_MPSSVC_WSH\ + +> \ + +> \ad2b000000000000\ + +> \.+......\ + +> \ + +> \FWPM_LAYER_ALE_AUTH_CONNECT_V6\ + +> \FWPM_SUBLAYER_MPSSVC_WSH\ + +> \ + +> \FWP_EMPTY\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_PACKAGE_ID\ + +> \FWP_MATCH_NOT_EQUAL\ + +> \ + +> \FWP_SID\ + +> \S-1-0-0\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ + +> \FWP_MATCH_RANGE\ + +> \ + +> \FWP_RANGE_TYPE\ + +> \ + +> \ + +> \FWP_BYTE_ARRAY16_TYPE\ + +> \::\ + +> \ + +> \ + +> \FWP_BYTE_ARRAY16_TYPE\ + +> \ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\ + +> \ + +> \ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_CURRENT_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_USER_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_SECURITY_DESCRIPTOR_TYPE\ + +> \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ + +> \ + +> \ + +> \ + +> \ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \0\ + +> \ + +> \125918\ + +> \ + +> \FWP_UINT64\ + +> \103079219136\ + +> \ + +\ +``` +One condition is + +**Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml** +``` +\ + +> \FWPM_CONDITION_ALE_USER_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_SECURITY_DESCRIPTOR_TYPE\ + +> \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ + +> \ + +\ +``` +which is the condition for checking capabilities in this filter. + +The important part of this condition is S-1-15-3-1, which is the capability SID +for INTERNET_CLIENT privileges. 
+ +From the netEvent’s capabilities section, +``` +Capabilities from netEvent, Wfpdiag-Case-1.xml + +\ + +> **\FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\** \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ + +\FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ + +\ +``` +it shows the packet came from an app with an Internet client token +(FWP_CAPABILITIES_FLAG_INTERNET_CLIENT) which matches the capability SID in the +filter. All the other conditions are also met for the filter, so the packet is +allowed. + +Something to note is that the only capability token required for the packet to +reach bing.com was the Internet client token, even though this example showed +the packet having all capabilities. + +## Case 2: UWP APP cannot reach Internet target address and has no capabilities + +In this example, the UWP app is unable to connect to bing.com +[2620:1ec:c11::200]. + +The following is a drop netEvent that was captured in the traces during this +repro. + +**Classify Drop netEvent, Wfpdiag-Case-2.xml** +``` +\ +\ +\2020-03-30T23:53:09.720Z\ +\ +\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ +\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ +\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ +\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ +\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ +\FWPM_NET_EVENT_FLAG_APP_ID_SET\ +\FWPM_NET_EVENT_FLAG_USER_ID_SET\ +\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ +\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ +\ +\FWP_IP_VERSION_V6\ +\6\ +\2001:4898:1a:1045:8469:3351:e6e2:543\ +\2620:1ec:c11::200\ +\63187\ +\443\ +\0\ +\ +\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\ +\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. 
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ +\ +\S-1-5-21-2788718703-1626973220-3690764900-1000\ +\FWP_AF_INET6\ +\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ +\ +\0\ +\ +\ +\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ +\ +\68893\ +\50\ +\0\ +\1\ +\1\ +\MS_FWP_DIRECTION_OUT\ +\false\ +\ +\0\ +\0\ +\ +\ +\ +\0000000000000000\ +\ +\0\ +\ +\ +\ +\68893\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ +\FWP_ACTION_BLOCK\ +\ +\ +\68879\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ +\FWP_ACTION_PERMIT\ +\ +\ +\ +\ +``` +The first thing that should be checked in the netEvent is the capabilities +field\*. In this example, the capabilities field is empty, indicating that the +UWP app was not configured with any capability tokens to allow it to connect to +a network. + +**Internal Fields from netEvent, Wfpdiag-Case-2.xml** +``` +\ +\ +\0000000000000000\ +**\** +\0\ +\ +\ +\ +\68893\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ +\FWP_ACTION_BLOCK\ +\ +\ +\68879\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ +\FWP_ACTION_PERMIT\ +\ +\ +\ +``` +The netEvent also gives us information about the filter that explicitly dropped +this packet, like the FilterId, listed under classify drop + +**Classify Drop from netEvent, Wfpdiag-Case-2.xml** +``` +\ +**\68893\** +\50\ +\0\ +\1\ +\1\ +\MS_FWP_DIRECTION_OUT\ +\false\ +\ +\0\ +\0\ +\ +``` +If we search for that filter, \#68893, in Wfpdiag-Case2.xml, we will see that +the packet was dropped by a Block Outbound Default Rule filter. 
+ +**Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml** + +``` +\ +> \{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\ +> \ +> \**Block Outbound Default Rule**\ +> \Block Outbound Default Rule\ +> \ +> \ +> \{4b153735-1049-4480-aab4-d1b9bdc03710}\ +> \ +> \b001000000000000\ +> \........\ +> \ +> \FWPM_LAYER_ALE_AUTH_CONNECT_V6\ +> \{b3cdd441-af90-41ba-a745-7c6008ff2300}\ +> \ +> \FWP_EMPTY\ +> \ +> \ +> \ +> \FWPM_CONDITION_ALE_PACKAGE_ID\ +> \FWP_MATCH_NOT_EQUAL\ +> \ +> \FWP_SID\ +> \S-1-0-0\ +> \ +> \ +> \ +> \ +> \FWP_ACTION_BLOCK\ +> \ +> \ +> \0\ +> \ +> \68893\ +> \ +> \FWP_UINT64\ +> \68719476736\ +> \ +\ +``` + +A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and thus not allowed by the other filters in +the same sublayer. + +If the packet had the correct capability token, +FWP_CAPABILITIES_FLAG_INTERNET_CLIENT, it would have matched a condition for a +non-default block filter and would have been permitted to reach bing.com. +Without the correct capability tokens, the packet will be explicitly dropped by +a default block outbound filter. + +## Case 3: UWP app cannot reach Internet target address without Internet Client capability + +In this example, the app is unable to connect to bing.com [2620:1ec:c11::200]. + +The app in this scenario only has private network capabilities (Client and +Server). The app is trying to connect to an Internet resource (bing.com), but +only has a private network token. Therefore, the packet will be dropped. 
+ +**Classify Drop netEvent, Wfpdiag-Case-3.xml** +``` +\ +\ +\2020-03-31T16:57:18.570Z\ +\ +\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ +\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ +\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ +\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ +\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ +\FWPM_NET_EVENT_FLAG_APP_ID_SET\ +\FWPM_NET_EVENT_FLAG_USER_ID_SET\ +\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ +\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ +\ +\FWP_IP_VERSION_V6\ +\6\ +\2001:4898:1a:1045:9c65:7805:dd4a:cc4b\ +\2620:1ec:c11::200\ +\64086\ +\443\ +\0\ +\ +\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\ +\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ +\ +\S-1-5-21-2788718703-1626973220-3690764900-1000\ +\FWP_AF_INET6\ +\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ +\ +\0\ +\ +\ +\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ +\ +\68893\ +\50\ +\0\ +\1\ +\1\ +\MS_FWP_DIRECTION_OUT\ +\false\ +\ +\0\ +\0\ +\ +\ +\ +\0000000000000000\ +**\** +**\FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\** +**\** +\0\ +\ +\ +\ +\68893\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ +\FWP_ACTION_BLOCK\ +\ +\ +\68879\ +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ +\FWP_ACTION_PERMIT\ +\ +\ +\ +\ +``` + +## Case 4: UWP app cannot reach Intranet target address without Private Network capability + +In this example, the UWP app is unable to reach the Intranet target address, +10.50.50.50, because it does not have a Private Network capability. 
+ +**Classify Drop netEvent, Wfpdiag-Case-4.xml** + +\ + +\ + +> \2020-05-22T21:29:28.601Z\ + +> \ + +> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ + +> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ + +> \ + +> \FWP_IP_VERSION_V4\ + +> \6\ + +> \10.216.117.17\ + +> \10.50.50.50\ + +> \52998\ + +> \53\ + +> \0\ + +> \ + +> \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\ + +> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ + +> \ + +> \S-1-5-21-2993214446-1947230185-131795049-1000\ + +> \FWP_AF_INET\ + +> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ + +> \ + +> \0\ + +> \ + +\ + +> \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ + +> \ + +> \121180\ + +> \48\ + +> \0\ + +> \1\ + +> \1\ + +> \MS_FWP_DIRECTION_OUT\ + +> \false\ + +> \ + +> \0\ + +> \0\ + +\ + +\ + +> \ + +> \0000000000000000\ + +> \ + +> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ + +> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ + +> \ + +> \0\ + +> \ + +> \ + +> \ + +> \121180\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + +> \FWP_ACTION_BLOCK\ + +> \ + +> \ + +> \121165\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +\ + +\ + +## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability + +In this example, the UWP app is unable to reach the Intranet target address, +10.1.1.1, even though it has a Private Network capability token. 
+ +**Classify Drop netEvent, Wfpdiag-Case-5.xml** + +\ + +> \ + +> \2020-05-22T20:54:53.499Z\ + +> \ + +> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ + +> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ + +> \ + +> \FWP_IP_VERSION_V4\ + +> \6\ + +> \10.216.117.17\ + +> \10.1.1.1\ + +> \52956\ + +> \53\ + +> \0\ + +> \ + +> \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\ + +> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ + +> \ + +> \S-1-5-21-2993214446-1947230185-131795049-1000\ + +> \FWP_AF_INET\ + +> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ + +> \ + +> \0\ + +> \ + +\ + +> \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ + +> \ + +> \121180\ + +> \48\ + +> \0\ + +> \1\ + +> \1\ + +> \MS_FWP_DIRECTION_OUT\ + +> \false\ + +> \ + +> \0\ + +> \0\ + +> \ + +> \ + +> \ + +> \0000000000000000\ + +> \ + +> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ + +> \ + +> \0\ + +> \ + +> \ + +> \ + +> \121180\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + +> \FWP_ACTION_BLOCK\ + +> \ + +> \ + +> \121165\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \ + +\ + +The following shows the filter that blocked the event: + +**Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml** + +\ + +> \{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\ + +> \ + +> \Block Outbound Default Rule\ + +> \Block Outbound Default Rule\ + +> \ + +> \ + +> \FWPM_PROVIDER_MPSSVC_WSH\ + +> \ + +> \c029000000000000\ + +> \.)......\ + +> \ + 
+> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + +> \FWPM_SUBLAYER_MPSSVC_WSH\ + +> \ + +> \FWP_EMPTY\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_PACKAGE_ID\ + +> \FWP_MATCH_NOT_EQUAL\ + +> \ + +> \FWP_SID\ + +> \S-1-0-0\ + +> \ + +> \ + +> \ + +> \ + +> \FWP_ACTION_BLOCK\ + +> \ + +> \ + +> \0\ + +> \ + +> \121180\ + +> \ + +> \FWP_UINT64\ + +> \274877906944\ + +> \ + +\ + +If the target was in the private range, then it should have been allowed by a +PrivateNetwork Outbound Default Rule filter. + +The following PrivateNetwork Outbound Default Rule filters have conditions for +matching Intranet IP addresses. Since the expected Intranet target address, +10.1.1.1, is not included in these filters it becomes clear that the address is +not in the private range. Check the policies which configure the private range +on the machine (MDM, GP, etc) and make sure it includes the private target +address you wanted to reach. + +**PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml** + +\ + +> \{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\ + +> \ + +> \PrivateNetwork Outbound Default Rule\ + +> \PrivateNetwork Outbound Default Rule\ + +> \ + +> \ + +> \FWPM_PROVIDER_MPSSVC_WSH\ + +> \ + +> \f22d000000000000\ + +> \.-......\ + +> \ + +> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + +> \FWPM_SUBLAYER_MPSSVC_WSH\ + +> \ + +> \FWP_EMPTY\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_PACKAGE_ID\ + +> \FWP_MATCH_NOT_EQUAL\ + +> \ + +> \FWP_SID\ + +> \S-1-0-0\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1.1.1.1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_CURRENT_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_USER_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_SECURITY_DESCRIPTOR_TYPE\ + +> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ + 
+> \ + +> \ + +> \ + +> \ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \0\ + +> \ + +> \129656\ + +> \ + +> \FWP_UINT64\ + +> \144115600392724416\ + +> \ + +> \ + +> \ + +> \{b11b4f8a-222e-49d6-8d69-02728681d8bc}\ + +> \ + +> \PrivateNetwork Outbound Default Rule\ + +> \PrivateNetwork Outbound Default Rule\ + +> \ + +> \ + +> \FWPM_PROVIDER_MPSSVC_WSH\ + +> \ + +> \f22d000000000000\ + +> \.-......\ + +> \ + +> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + +> \FWPM_SUBLAYER_MPSSVC_WSH\ + +> \ + +> \FWP_EMPTY\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_PACKAGE_ID\ + +> \FWP_MATCH_NOT_EQUAL\ + +> \ + +> \FWP_SID\ + +> \S-1-0-0\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ + +> \FWP_MATCH_RANGE\ + +> \ + +> \FWP_RANGE_TYPE\ + +> \ + +> \ + +> \FWP_UINT32\ + +> \172.16.0.0\ + +> \ + +> \ + +> \FWP_UINT32\ + +> \172.31.255.255\ + +> \ + +> \ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_CURRENT_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_USER_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_SECURITY_DESCRIPTOR_TYPE\ + +> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ + +> \ + +> \ + +> \ + +> \ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \0\ + +> \ + +> \129657\ + +> \ + +> \FWP_UINT64\ + +> \36029209335832512\ + +> \ + +\ + +\ + +> \{21cd82bc-6077-4069-94bf-750e5a43ca23}\ + +> \ + +> \PrivateNetwork Outbound Default Rule\ + +> \PrivateNetwork Outbound Default Rule\ + +> \ + +> \ + +> \FWPM_PROVIDER_MPSSVC_WSH\ + +> \ + +> \f22d000000000000\ + +> \.-......\ + +> \ + +> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + +> \FWPM_SUBLAYER_MPSSVC_WSH\ + +> \ + +> \FWP_EMPTY\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_PACKAGE_ID\ + +> \FWP_MATCH_NOT_EQUAL\ + +> \ + +> \FWP_SID\ + +> \S-1-0-0\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ + +> \FWP_MATCH_RANGE\ + +> \ + +> 
\FWP_RANGE_TYPE\ + +> \ + +> \ + +> \FWP_UINT32\ + +> \192.168.0.0\ + +> \ + +> \ + +> \FWP_UINT32\ + +> \192.168.255.255\ + +> \ + +> \ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_CURRENT_PROFILE_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_UINT32\ + +> \1\ + +> \ + +> \ + +> \ + +> \FWPM_CONDITION_ALE_USER_ID\ + +> \FWP_MATCH_EQUAL\ + +> \ + +> \FWP_SECURITY_DESCRIPTOR_TYPE\ + +> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ + +> \ + +> \ + +> \ + +> \ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \0\ + +> \ + +> \129658\ + +> \ + +> \FWP_UINT64\ + +> \36029209335832512\ + +> \ + +\ + +# Debugging Past Drops + +If you are debugging a network drop from the past or from a remote machine, you +may have traces already collected from Feedback Hub, such as nettrace.etl and +wfpstate.xml. Once nettrace.etl is converted, nettrace.txt will have the +netEvents of the reproduced event, and wfpstate.xml will contain the filters +that were present on the machine at the time. + +If you **do not** have a live repro or traces already collected, you can still +collect traces after the UWP network connectivity issue has happened by running +these commands in an Admin command prompt + +> \ + +> Netsh wfp show netevents + +> Netsh wfp show state + +“Netsh wfp show netevents” will generate netevents.xml, which contains the past +net events. “Netsh wfp show state” will generate wfpstate.xml, which contains +the current filters present on the machine. + +Unfortunately, collecting traces after the UWP network connectivity issue is not +always reliable. + +NetEvents on the machine are stored in a buffer. Once that buffer has reached +max capacity, the buffer will overwrite older net events. 
Due to the buffer +overwrite, it is possible that the collected netevents.xml will not contain the +net event associated with the UWP network connectivity issue if it was +overwritten. Additionally, filters on the machine can get deleted and re-added +with different filterIds due to miscellaneous events on the machine. Because of +this, a filterId from “netsh wfp show netevents” may not necessarily match any +filter in “netsh wfp show state” because that filterId may be outdated. + +If you can reproduce the UWP network connectivity issue consistently, we would +recommend using the commands from Debugging Live Drops instead. + +Additionally, you can still follow the examples from Debugging Live Drops +section using the trace commands in this section, even if you do not have a live +repro. The netEvents and filters are stored in one file in Debugging Live Drops +as opposed to two separate files in the following Debugging Past Drops examples. + +## Case 7: Debugging Past Drop - UWP app cannot reach Internet target address and has no capabilities + +In this example, the UWP app is unable to connect to bing.com. + +Classify Drop Net Event, NetEvents-Case-7.xml + +\ + +\ + +\2020-05-04T22:04:07.039Z\ + +\ + +\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ + +\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ + +\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ + +\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ + +\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ + +\FWPM_NET_EVENT_FLAG_APP_ID_SET\ + +\FWPM_NET_EVENT_FLAG_USER_ID_SET\ + +\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ + +\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ + +\ + +\FWP_IP_VERSION_V4\ + +\6\ + +\10.195.36.30\ + +\204.79.197.200\ + +\57062\ + +\443\ + +\0\ + +\ + +\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\ + +\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. 
+.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ + +\ + +\S-1-5-21-1578316205-4060061518-881547182-1000\ + +\FWP_AF_INET\ + +\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ + +\ + +\0\ + +\ + +\ + +\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ + +\ + +\206064\ + +\48\ + +\0\ + +\1\ + +\1\ + +\MS_FWP_DIRECTION_OUT\ + +\false\ + +\ + +\0\ + +\0\ + +\ + +\ + +\ + +\0000000000000000\ + +\ + +\0\ + +\ + +\ + +\ + +\206064\ + +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + +\FWP_ACTION_BLOCK\ + +\ + +\ + +\206049\ + +\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + +\FWP_ACTION_PERMIT\ + +\ + +\ + +\ + +\ + +The Internal fields lists no active capabilities, and the packet is dropped at +filter 206064. + +This is a default block rule filter, meaning the packet passed through every +filter that could have allowed it, but because conditions didn’t match for any +those filters, the packet fell to the filter which blocks any packet that the +Security Descriptor doesn’t match. + +**Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml** + +\ + +\{f138d1ad-9293-478f-8519-c3368e796711}\ + +\ + +\Block Outbound Default Rule\ + +\Block Outbound Default Rule\ + +\ + +\ + +\FWPM_PROVIDER_MPSSVC_WSH\ + +\ + +\2e65000000000000\ + +\.e......\ + +\ + +\FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + +\FWPM_SUBLAYER_MPSSVC_WSH\ + +\ + +\FWP_EMPTY\ + +\ + +\ + +\ + +\FWPM_CONDITION_ALE_PACKAGE_ID\ + +\FWP_MATCH_NOT_EQUAL\ + +\ + +\FWP_SID\ + +\S-1-0-0\ + +\ + +\ + +\ + +\ + +\FWP_ACTION_BLOCK\ + +\ + +\ + +\0\ + +\ + +\206064\ + +\ + +\FWP_UINT64\ + +\274877906944\ + +\ + +\ + +## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities + +In this example, the UWP app successfully connects to bing.com [204.79.197.200]. 
+ +**Classify Allow Net Event, NetEvents-Case-8.xml** + +\ + +> \ + +> \2020-05-04T18:49:55.101Z\ + +> \ + +> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ + +> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ + +> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ + +> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ + +> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ + +> \ + +> \FWP_IP_VERSION_V4\ + +> \6\ + +> \10.195.36.30\ + +> \204.79.197.200\ + +> \61673\ + +> \443\ + +> \0\ + +> \ + +> \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\ + +> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ + +> \ + +> \S-1-5-21-1578316205-4060061518-881547182-1000\ + +> \FWP_AF_INET\ + +> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ + +> \ + +> \0\ + +> \ + +> \ + +> \FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ + +> \ + +> \208757\ + +> \48\ + +> \0\ + +> \1\ + +> \1\ + +> \ + +> \ + +> \ + +> \0000000000000000\ + +> \ + +> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ + +> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ + +> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ + +> \ + +> \0\ + +> \ + +> \ + +> \ + +> \208757\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \206049\ + +> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + +> \FWP_ACTION_PERMIT\ + +> \ + +> \ + +> \ + +\ + +Important things to note: all capabilities are enabled and the resulting filter +determining the flow of the packet is 208757. 
+ +The filter stated above with action permit: + +**InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml** + + \ + + \{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\ + + \ + + \InternetClient Default Rule\ + + \InternetClient Default Rule\ + + \ + + \ + + \FWPM_PROVIDER_MPSSVC_WSH\ + + \ + + \e167000000000000\ + + \.g......\ + + \ + + \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ + + \FWPM_SUBLAYER_MPSSVC_WSH\ + + \ + + \FWP_EMPTY\ + + \ + + \ + + \ + + \FWPM_CONDITION_ALE_PACKAGE_ID\ + + \FWP_MATCH_NOT_EQUAL\ + + \ + + \FWP_SID\ + + \S-1-0-0\ + + \ + + \ + + \ + + \FWPM_CONDITION_IP_REMOTE_ADDRESS\ + + \FWP_MATCH_RANGE\ + + \ + + \FWP_RANGE_TYPE\ + + \ + + \ + + \FWP_UINT32\ + + \0.0.0.0\ + + \ + + \ + + \FWP_UINT32\ + + \255.255.255.255\ + + \ + + \ + + \ + + \ + + \ + + \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ + + \FWP_MATCH_EQUAL\ + + \ + + \FWP_UINT32\ + + \1\ + + \ + + \ + + \ + + \FWPM_CONDITION_CURRENT_PROFILE_ID\ + + \FWP_MATCH_EQUAL\ + + \ + + \FWP_UINT32\ + + \1\ + + \ + + \ + + \ + + \FWPM_CONDITION_ALE_USER_ID\ + + \FWP_MATCH_EQUAL\ + + \ + + \FWP_SECURITY_DESCRIPTOR_TYPE\ + + \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ + + \ + + \ + + \ + + \ + + \FWP_ACTION_PERMIT\ + + \ + + \ + + \0\ + + \ + + \208757\ + + \ + + \FWP_UINT64\ + + \412316868544\ + + \ + + \ + +\*The capabilities field in a netEvent was added to the traces in the Windows 10 +May 2019 Update From db87b515c2506dbf18ccf4aa6a60c9bb97527579 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 12 Aug 2020 16:11:04 -0700 Subject: [PATCH 07/69] move topics in toc --- .../threat-protection/windows-firewall/TOC.md | 99 ++++++++++++++----- 1 file changed, 77 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index e3271818c1..791aa26a20 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md 
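Review bot: In the added "Debugging Past Drops" text of the patch that ends just above the TOC.md header, the two netsh commands are added as blockquote lines (`> Netsh wfp show netevents`, `> Netsh wfp show state`) after a lead-in sentence with no closing colon, so they render as quoted prose rather than as commands to copy. Put them in a fenced block and end the lead-in with a colon. Two wording slips in the Case 7 explanation also need fixing: "The Internal fields lists" and "for any those filters".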
@@ -1,44 +1,54 @@ # [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) -## [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) -## [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) -## [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) -## [Design Guide](windows-firewall-with-advanced-security-design-guide.md) + +## [Plan/Design]() + +### [Design Guide](windows-firewall-with-advanced-security-design-guide.md) + ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) ### [Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md) #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md) + ### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) #### [Basic Design](basic-firewall-policy-design.md) #### [Domain Isolation Design](domain-isolation-policy-design.md) #### [Server Isolation Design](server-isolation-policy-design.md) #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md) + ### [Evaluating Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) #### [Basic Design Example](firewall-policy-design-example.md) #### [Domain Isolation Design Example](domain-isolation-policy-design-example.md) #### [Server Isolation Design Example](server-isolation-policy-design-example.md) #### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md) + ### [Designing a 
Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) + #### [Gathering the Info You Need](gathering-the-information-you-need.md) ##### [Network](gathering-information-about-your-current-network-infrastructure.md) ##### [Active Directory](gathering-information-about-your-active-directory-deployment.md) ##### [Computers](gathering-information-about-your-devices.md) ##### [Other Relevant Information](gathering-other-relevant-information.md) #### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md) + ### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md) #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) + #### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) ##### [Exemption List](exemption-list.md) ##### [Isolated Domain](isolated-domain.md) ##### [Boundary Zone](boundary-zone.md) ##### [Encryption Zone](encryption-zone.md) #### [Planning Server Isolation Zones](planning-server-isolation-zones.md) + #### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) ##### [Documenting the Zones](documenting-the-zones.md) + ##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) ###### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md) ###### [Planning Network Access Groups](planning-network-access-groups.md) + ###### [Planning the GPOs](planning-the-gpos.md) ####### [Firewall GPOs](firewall-gpos.md) ######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md) 
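Review bot: In the first TOC.md hunk, `### [Design Guide](...)` is added at the same level as the unchanged `### [Design Process](...)` line below it, so the topics that used to nest under the `##` Design Guide entry become its siblings under `## [Plan/Design]()`. If the guide is still meant to be their parent, the unchanged entries beneath it each need one more `#`, which is what the deployment hunk of this patch does for Planning to Deploy. If the flattening is intended, say so in the commit message.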
@@ -50,25 +60,29 @@ ####### [Encryption Zone GPOs](encryption-zone-gpos.md) ######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md) ####### [Server Isolation GPOs](server-isolation-gpos.md) + ###### [Planning GPO Deployment](planning-gpo-deployment.md) -### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) -## [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) -### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) -### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) -### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md) -### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md) -### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) -### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md) -### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md) -### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) -#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md) -#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md) -#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md) -#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md) -### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) -#### [Checklist: Configuring Rules for Servers in a Standalone 
Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) -#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) -### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) + + +## [Deployment guide]() +### [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) +#### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) +#### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) + + + + +## [Best practices]() +### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) +### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) +### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) + + + + + + +## [How-to]() ### [Procedures Used in This Guide](procedures-used-in-this-guide.md) #### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) #### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) 
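Review bot: In the hunk at -50,25, the new group `## [Deployment guide]()` has `### [Deployment Guide](...)` as its first child, the same title differing only in capitalisation, which gives the reader two identical-looking nodes to expand. Give the group a label distinct from the guide entry, and drop the runs of blank `+` lines added between the Deployment, Best practices and How-to groups, which add nothing to the rendered TOC.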
@@ -108,3 +122,44 @@ #### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md) #### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md) #### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) +#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) + + + + +## [References]() +### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md) +### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md) +### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) +### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md) +### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md) +### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) +#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md) +#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md) +#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md) +#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md) +### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) +#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) +#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) + +### [Checklist: Implementing a 
Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) + +### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) + + + +## [Troubleshooting]() + + + + + + + + + + + + + + From 847ebd5a2f280aa41bb1bfaac54ff7f143879238 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 12 Aug 2020 16:25:33 -0700 Subject: [PATCH 08/69] checking in formatting --- .../troubleshooting-uwp-firewall.md | 518 +----------------- 1 file changed, 13 insertions(+), 505 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index dbc2f8af22..4874e16c5e 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md 
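Review bot: In the TOC.md hunk at -108,3 (the last hunk of the "move topics in toc" patch, which ends just above the next patch's header), the added line `+#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md)` repeats the unchanged line directly above it, so the topic is listed twice under the same parent. Drop the added copy. The added `## [Troubleshooting]()` group has no entries, only blank lines, so either add its topics in this change or leave the heading out until they exist.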
@@ -196,163 +196,84 @@ allowed by Filter \#125918 which is from the InternetClient Default Rule. **InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml** ``` \ - > \{3389708e-f7ae-4ebc-a61a-f659065ab24e}\ - > \ - > \InternetClient Default Rule\ - > \InternetClient Default Rule\ - > \ - > \ - > \FWPM_PROVIDER_MPSSVC_WSH\ - > \ - > \ad2b000000000000\ - > \.+......\ - > \ - > \FWPM_LAYER_ALE_AUTH_CONNECT_V6\ - > \FWPM_SUBLAYER_MPSSVC_WSH\ - > \ - > \FWP_EMPTY\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_PACKAGE_ID\ - > \FWP_MATCH_NOT_EQUAL\ - > \ - > \FWP_SID\ - > \S-1-0-0\ - > \ - > \ - > \ - > \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - > \FWP_MATCH_RANGE\ - > \ - > \FWP_RANGE_TYPE\ - > \ - > \ - > \FWP_BYTE_ARRAY16_TYPE\ - > \::\ - > \ - > \ - > \FWP_BYTE_ARRAY16_TYPE\ - > \ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\ - > \ - > \ - > \ - > \ - > \ - > \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_CURRENT_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_USER_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_SECURITY_DESCRIPTOR_TYPE\ - > \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ - > \ - > \ - > \ - > \ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \0\ - > \ - > \125918\ - > \ - > \FWP_UINT64\ - > \103079219136\ - > \ - \ ``` One condition is @@ -360,19 +281,12 @@ One condition is **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml** ``` \ - > \FWPM_CONDITION_ALE_USER_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_SECURITY_DESCRIPTOR_TYPE\ - > \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ - > \ - \ ``` which is the condition for checking capabilities in this filter. 
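Review bot: In the Capabilities Condition block, and in the filter block of the hunk before it, only the blank lines between rows are removed, so every row inside the triple-backtick fence still begins with the `>` quote marker and keeps its backslashes (for example `> \FWPM_CONDITION_ALE_USER_ID\`). Inside a fence those characters are printed literally instead of being interpreted as Markdown, so strip the leading `>` and the escaping backslashes from the fenced rows as part of this formatting pass.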
@@ -381,15 +295,12 @@ The important part of this condition is S-1-15-3-1, which is the capability SID for INTERNET_CLIENT privileges. From the netEvent’s capabilities section, -``` + Capabilities from netEvent, Wfpdiag-Case-1.xml - +``` \ - > **\FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\** \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ - \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ - \ ``` it shows the packet came from an app with an Internet client token 
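Review bot: In the capabilities hunk, the row `> **\FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\**` stays inside the fence that now opens just above it, where the `**` markers print as literal asterisks instead of bolding the flag. Remove the emphasis from the fenced row and call the flag out in the sentence that follows the block. The caption "Capabilities from netEvent, Wfpdiag-Case-1.xml" is also left unbolded, unlike the `**...**` captions in the neighbouring hunks.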
@@ -665,842 +576,439 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.50.50.50, because it does not have a Private Network capability. **Classify Drop netEvent, Wfpdiag-Case-4.xml** - +``` \ - \ - > \2020-05-22T21:29:28.601Z\ - > \ - > \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_APP_ID_SET\ - > \FWPM_NET_EVENT_FLAG_USER_ID_SET\ - > \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ - > \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ - > \ - > \FWP_IP_VERSION_V4\ - > \6\ - > \10.216.117.17\ - > \10.50.50.50\ - > \52998\ - > \53\ - > \0\ - > \ - > \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\ - > \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. > .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ - > \ - > \S-1-5-21-2993214446-1947230185-131795049-1000\ - > \FWP_AF_INET\ - > \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ - > \ - > \0\ - > \ - \ - > \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ - > \ - > \121180\ - > \48\ - > \0\ - > \1\ - > \1\ - > \MS_FWP_DIRECTION_OUT\ - > \false\ - > \ - > \0\ - > \0\ - \ - \ - > \ - > \0000000000000000\ - > \ - > \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ - > \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ - > \ - > \0\ - > \ - > \ - > \ - > \121180\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - > \FWP_ACTION_BLOCK\ - > \ - > \ - > \121165\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - > \FWP_ACTION_PERMIT\ - > \ - > \ - \ - \ - +``` ## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability In this example, the UWP app is unable to reach the Intranet target address, 10.1.1.1, even though it has a 
Private Network capability token. **Classify Drop netEvent, Wfpdiag-Case-5.xml** - +``` \ - > \ - > \2020-05-22T20:54:53.499Z\ - > \ - > \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_APP_ID_SET\ - > \FWPM_NET_EVENT_FLAG_USER_ID_SET\ - > \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ - > \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ - > \ - > \FWP_IP_VERSION_V4\ - > \6\ - > \10.216.117.17\ - > \10.1.1.1\ - > \52956\ - > \53\ - > \0\ - > \ - > \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\ - > \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. > .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ - > \ - > \S-1-5-21-2993214446-1947230185-131795049-1000\ - > \FWP_AF_INET\ - > \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ - > \ - > \0\ - > \ - \ - > \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ - > \ - > \121180\ - > \48\ - > \0\ - > \1\ - > \1\ - > \MS_FWP_DIRECTION_OUT\ - > \false\ - > \ - > \0\ - > \0\ - > \ - > \ - > \ - > \0000000000000000\ - > \ - > \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ - > \ - > \0\ - > \ - > \ - > \ - > \121180\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - > \FWP_ACTION_BLOCK\ - > \ - > \ - > \121165\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \ - \ - +``` The following shows the filter that blocked the event: **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml** +``` \ - > \{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\ - > \ - > \Block Outbound Default Rule\ - > \Block Outbound Default Rule\ - > \ - > \ - > \FWPM_PROVIDER_MPSSVC_WSH\ - > \ - > \c029000000000000\ - > \.)......\ - > \ - > \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - > 
\FWPM_SUBLAYER_MPSSVC_WSH\ - > \ - > \FWP_EMPTY\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_PACKAGE_ID\ - > \FWP_MATCH_NOT_EQUAL\ - > \ - > \FWP_SID\ - > \S-1-0-0\ - > \ - > \ - > \ - > \ - > \FWP_ACTION_BLOCK\ - > \ - > \ - > \0\ - > \ - > \121180\ - > \ - > \FWP_UINT64\ - > \274877906944\ - > \ - \ - +``` If the target was in the private range, then it should have been allowed by a PrivateNetwork Outbound Default Rule filter. -The following PrivateNetwork Outbound Default Rule filters have conditions for -matching Intranet IP addresses. Since the expected Intranet target address, -10.1.1.1, is not included in these filters it becomes clear that the address is -not in the private range. Check the policies which configure the private range -on the machine (MDM, GP, etc) and make sure it includes the private target -address you wanted to reach. +The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address, +10.1.1.1, is not included in these filters it becomes clear that the address isnot in the private range. Check the policies which configure the private range +on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach. 
**PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml** - +``` \ - > \{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\ - > \ - > \PrivateNetwork Outbound Default Rule\ - > \PrivateNetwork Outbound Default Rule\ - > \ - > \ - > \FWPM_PROVIDER_MPSSVC_WSH\ - > \ - > \f22d000000000000\ - > \.-......\ - > \ - > \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - > \FWPM_SUBLAYER_MPSSVC_WSH\ - > \ - > \FWP_EMPTY\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_PACKAGE_ID\ - > \FWP_MATCH_NOT_EQUAL\ - > \ - > \FWP_SID\ - > \S-1-0-0\ - > \ - > \ - > \ - > \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1.1.1.1\ - > \ - > \ - > \ - > \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_CURRENT_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_USER_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_SECURITY_DESCRIPTOR_TYPE\ - > \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ - > \ - > \ - > \ - > \ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \0\ - > \ - > \129656\ - > \ - > \FWP_UINT64\ - > \144115600392724416\ - > \ - > \ - > \ - > \{b11b4f8a-222e-49d6-8d69-02728681d8bc}\ - > \ - > \PrivateNetwork Outbound Default Rule\ - > \PrivateNetwork Outbound Default Rule\ - > \ - > \ - > \FWPM_PROVIDER_MPSSVC_WSH\ - > \ - > \f22d000000000000\ - > \.-......\ - > \ - > \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - > \FWPM_SUBLAYER_MPSSVC_WSH\ - > \ - > \FWP_EMPTY\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_PACKAGE_ID\ - > \FWP_MATCH_NOT_EQUAL\ - > \ - > \FWP_SID\ - > \S-1-0-0\ - > \ - > \ - > \ - > \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - > \FWP_MATCH_RANGE\ - > \ - > \FWP_RANGE_TYPE\ - > \ - > \ - > \FWP_UINT32\ - > \172.16.0.0\ - > \ - > \ - > \FWP_UINT32\ - > \172.31.255.255\ - > \ - > \ - > \ - > \ - > \ - > \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_CURRENT_PROFILE_ID\ - > 
\FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_USER_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_SECURITY_DESCRIPTOR_TYPE\ - > \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ - > \ - > \ - > \ - > \ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \0\ - > \ - > \129657\ - > \ - > \FWP_UINT64\ - > \36029209335832512\ - > \ - \ - \ - > \{21cd82bc-6077-4069-94bf-750e5a43ca23}\ - > \ - > \PrivateNetwork Outbound Default Rule\ - > \PrivateNetwork Outbound Default Rule\ - > \ - > \ - > \FWPM_PROVIDER_MPSSVC_WSH\ - > \ - > \f22d000000000000\ - > \.-......\ - > \ - > \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - > \FWPM_SUBLAYER_MPSSVC_WSH\ - > \ - > \FWP_EMPTY\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_PACKAGE_ID\ - > \FWP_MATCH_NOT_EQUAL\ - > \ - > \FWP_SID\ - > \S-1-0-0\ - > \ - > \ - > \ - > \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - > \FWP_MATCH_RANGE\ - > \ - > \FWP_RANGE_TYPE\ - > \ - > \ - > \FWP_UINT32\ - > \192.168.0.0\ - > \ - > \ - > \FWP_UINT32\ - > \192.168.255.255\ - > \ - > \ - > \ - > \ - > \ - > \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_CURRENT_PROFILE_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_UINT32\ - > \1\ - > \ - > \ - > \ - > \FWPM_CONDITION_ALE_USER_ID\ - > \FWP_MATCH_EQUAL\ - > \ - > \FWP_SECURITY_DESCRIPTOR_TYPE\ - > \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ - > \ - > \ - > \ - > \ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \0\ - > \ - > \129658\ - > \ - > \FWP_UINT64\ - > \36029209335832512\ - > \ - \ - +``` # Debugging Past Drops If you are debugging a network drop from the past or from a remote machine, you From 8771fdd2ae4e44ffc834f3afca8252328b3a5f9b Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 12 Aug 2020 17:03:33 -0700 Subject: [PATCH 09/69] more formatting --- .../troubleshooting-uwp-firewall.md | 300 ++---------------- 1 file changed, 30 insertions(+), 270 deletions(-) 
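Review bot: In the hunk that rejoins the paragraph beginning "The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses", two added lines lost the space that the old line break supplied: "the address isnot in the private range" and "the private targetaddress you wanted to reach". Restore "is not" and "target address". The paragraph is also only partly unwrapped (the added lines still break before "10.1.1.1," and before "on the machine"), so either join it into one line or keep the original wrapping.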
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 4874e16c5e..fc7c29c60d 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -122,8 +122,8 @@ The following shows the allow netEvent of the app connecting to the target IP. The netEvent contains information about the packet including its local address, remote address, capabilities, etc. -```**Classify Allow netEvent, Wfpdiag-Case-1.xml** - +**Classify Allow netEvent, Wfpdiag-Case-1.xml** +```xml \ \ > \2020-05-21T17:25:59.070Z\ @@ -194,7 +194,7 @@ address according to the terminatingFiltersInfo in the netEvent. This packet was allowed by Filter \#125918 which is from the InternetClient Default Rule. **InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml** -``` +```xml \ > \{3389708e-f7ae-4ebc-a61a-f659065ab24e}\ > \ @@ -279,7 +279,7 @@ allowed by Filter \#125918 which is from the InternetClient Default Rule. One condition is **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml** -``` +```xml \ > \FWPM_CONDITION_ALE_USER_ID\ > \FWP_MATCH_EQUAL\ @@ -297,7 +297,7 @@ for INTERNET_CLIENT privileges. From the netEvent’s capabilities section, Capabilities from netEvent, Wfpdiag-Case-1.xml -``` +```xml \ > **\FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\** \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ @@ -321,7 +321,7 @@ The following is a drop netEvent that was captured in the traces during this repro. **Classify Drop netEvent, Wfpdiag-Case-2.xml** -``` +```xml \ \ \2020-03-30T23:53:09.720Z\ @@ -395,7 +395,7 @@ UWP app was not configured with any capability tokens to allow it to connect to a network. **Internal Fields from netEvent, Wfpdiag-Case-2.xml** -``` +```xml \ \ \0000000000000000\ 
@@ -420,7 +420,7 @@ The netEvent also gives us information about the filter that explicitly dropped this packet, like the FilterId, listed under classify drop **Classify Drop from netEvent, Wfpdiag-Case-2.xml** -``` +```xml \ **\68893\** \50\ @@ -439,7 +439,7 @@ the packet was dropped by a Block Outbound Default Rule filter. **Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml** -``` +```xml \ > \{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\ > \ @@ -499,7 +499,7 @@ Server). The app is trying to connect to an Internet resource (bing.com), but only has a private network token. Therefore, the packet will be dropped. **Classify Drop netEvent, Wfpdiag-Case-3.xml** -``` +```xml \ \ \2020-03-31T16:57:18.570Z\ @@ -576,7 +576,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.50.50.50, because it does not have a Private Network capability. **Classify Drop netEvent, Wfpdiag-Case-4.xml** -``` +```xml \ \ > \2020-05-22T21:29:28.601Z\ @@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.1.1.1, even though it has a Private Network capability token. **Classify Drop netEvent, Wfpdiag-Case-5.xml** -``` +```xml \ > \ > \2020-05-22T20:54:53.499Z\ @@ -727,7 +727,7 @@ The following shows the filter that blocked the event: **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml** -``` +```xml \ > \{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\ > \ @@ -776,7 +776,7 @@ The following PrivateNetwork Outbound Default Rule filters have conditions for m on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach. **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml** -``` +```xml \ > \{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\ > \ 
@@ -1021,11 +1021,11 @@ If you **do not** have a live repro or traces already collected, you can still collect traces after the UWP network connectivity issue has happened by running these commands in an Admin command prompt +```xml > \ - > Netsh wfp show netevents - > Netsh wfp show state +``` “Netsh wfp show netevents” will generate netevents.xml, which contains the past net events. “Netsh wfp show state” will generate wfpstate.xml, which contains 
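Review bot: In the @@ -1021,11 +1021,11 @@ hunk the new fence is tagged xml, but the block it wraps holds the two console commands "Netsh wfp show netevents" and "Netsh wfp show state", and the ">" quote markers are left in front of them. Tag the fence as console (or leave it untagged), drop the ">" prefixes, and put each command on its own line so it can be copied into the Admin command prompt as written.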
@@ -1057,136 +1057,74 @@ In this example, the UWP app is unable to connect to bing.com. Classify Drop Net Event, NetEvents-Case-7.xml +```xml \ - \ - \2020-05-04T22:04:07.039Z\ - \ - \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ - \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ - \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ - \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ - \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ - \FWPM_NET_EVENT_FLAG_APP_ID_SET\ - \FWPM_NET_EVENT_FLAG_USER_ID_SET\ - \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ - \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ - \ - \FWP_IP_VERSION_V4\ - \6\ - \10.195.36.30\ - \204.79.197.200\ - \57062\ - \443\ - \0\ - \ - \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\ - \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ - \ - \S-1-5-21-1578316205-4060061518-881547182-1000\ - \FWP_AF_INET\ - \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ - \ - \0\ - \ - \ - \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ - \ - \206064\ - \48\ - \0\ - \1\ - \1\ - \MS_FWP_DIRECTION_OUT\ - \false\ - \ - \0\ - \0\ - \ - \ - \ - \0000000000000000\ - \ - \0\ - \ - \ - \ - \206064\ - \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - \FWP_ACTION_BLOCK\ - \ - \ - \206049\ - \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - \FWP_ACTION_PERMIT\ - \ - \ - \ - \ +``` The Internal fields lists no active capabilities, and the packet is dropped at filter 206064. 
@@ -1198,385 +1136,207 @@ Security Descriptor doesn’t match. **Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml** +```xml \ - \{f138d1ad-9293-478f-8519-c3368e796711}\ - \ - \Block Outbound Default Rule\ - \Block Outbound Default Rule\ - \ - \ - \FWPM_PROVIDER_MPSSVC_WSH\ - \ - \2e65000000000000\ - \.e......\ - \ - \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - \FWPM_SUBLAYER_MPSSVC_WSH\ - \ - \FWP_EMPTY\ - \ - \ - \ - \FWPM_CONDITION_ALE_PACKAGE_ID\ - \FWP_MATCH_NOT_EQUAL\ - \ - \FWP_SID\ - \S-1-0-0\ - \ - \ - \ - \ - \FWP_ACTION_BLOCK\ - \ - \ - \0\ - \ - \206064\ - \ - \FWP_UINT64\ - \274877906944\ - \ - \ - +``` ## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities In this example, the UWP app successfully connects to bing.com [204.79.197.200]. **Classify Allow Net Event, NetEvents-Case-8.xml** +```xml \ - > \ - > \2020-05-04T18:49:55.101Z\ - > \ - > \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ - > \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ - > \FWPM_NET_EVENT_FLAG_APP_ID_SET\ - > \FWPM_NET_EVENT_FLAG_USER_ID_SET\ - > \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ - > \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ - > \ - > \FWP_IP_VERSION_V4\ - > \6\ - > \10.195.36.30\ - > \204.79.197.200\ - > \61673\ - > \443\ - > \0\ - > \ - > \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\ - > \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. 
> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ - > \ - > \S-1-5-21-1578316205-4060061518-881547182-1000\ - > \FWP_AF_INET\ - > \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ - > \ - > \0\ - > \ - > \ - > \FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ - > \ - > \208757\ - > \48\ - > \0\ - > \1\ - > \1\ - > \ - > \ - > \ - > \0000000000000000\ - > \ - > \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ - > \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ - > \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ - > \ - > \0\ - > \ - > \ - > \ - > \208757\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \206049\ - > \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - > \FWP_ACTION_PERMIT\ - > \ - > \ - > \ - \ - +``` Important things to note: all capabilities are enabled and the resulting filter determining the flow of the packet is 208757. 
The filter stated above with action permit: **InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml** - - \ - - \{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\ - - \ - - \InternetClient Default Rule\ - - \InternetClient Default Rule\ - +```xml +\ + \{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\ + \ + \InternetClient Default Rule\ + \InternetClient Default Rule\ \ - \ - \FWPM_PROVIDER_MPSSVC_WSH\ - \ - \e167000000000000\ - \.g......\ - \ - \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - \FWPM_SUBLAYER_MPSSVC_WSH\ - \ - \FWP_EMPTY\ - \ - \ - \ - \FWPM_CONDITION_ALE_PACKAGE_ID\ - \FWP_MATCH_NOT_EQUAL\ - \ - \FWP_SID\ - \S-1-0-0\ - \ - \ - \ - \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - \FWP_MATCH_RANGE\ - \ - \FWP_RANGE_TYPE\ - \ - \ - \FWP_UINT32\ - \0.0.0.0\ - \ - \ - \FWP_UINT32\ - \255.255.255.255\ - \ - \ - \ - \ - \ - \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_UINT32\ - \1\ - \ - \ - \ - \FWPM_CONDITION_CURRENT_PROFILE_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_UINT32\ - \1\ - \ - \ - \ - \FWPM_CONDITION_ALE_USER_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_SECURITY_DESCRIPTOR_TYPE\ - \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ - \ - \ - \ - \ - \FWP_ACTION_PERMIT\ - \ - \ - \0\ - \ - \208757\ - \ - \FWP_UINT64\ - \412316868544\ - \ - \ - -\*The capabilities field in a netEvent was added to the traces in the Windows 10 +``` +The capabilities field in a netEvent was added to the traces in the Windows 10 May 2019 Update From 35644ef61137dd2fb944e69b863987a1bea4c671 Mon Sep 17 00:00:00 2001 From: damabe Date: Wed, 12 Aug 2020 19:06:27 -0700 Subject: [PATCH 10/69] Update short descriptions for SEO improvement --- windows/application-management/app-v/appv-deploying-appv.md | 2 +- .../change-history-for-application-management.md | 2 +- .../microsoft-defender-atp/live-response-command-examples.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
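Review bot: In the hunks that retag fences as xml, the context lines inside those fences still begin with the ">" quote marker (for example the lines following the "InternetClient Default Rule Filter \#125918" fence), and the capabilities and classify-drop samples keep "**" around FWP_CAPABILITIES_FLAG_INTERNET_CLIENT and 68893. Inside a fenced block both render as literal characters, so the samples stop reading as XML. Strip the ">" prefixes and name the highlighted value in the sentence above each block instead of bolding it. The last hunk also drops the "\*" from "The capabilities field in a netEvent was added ..."; if an asterisk in the body still refers to that footnote, keep the marker.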
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index d71a0f0476..2c80350942 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -1,6 +1,6 @@ --- title: Deploying App-V (Windows 10) -description: Deploying App-V +description: Install the App-V sequencer used to virtualize applications, and enable the App-V client that runs on target computers to facilitate virtualized packages. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md index 2ae0e03c13..923e6f3204 100644 --- a/windows/application-management/change-history-for-application-management.md +++ b/windows/application-management/change-history-for-application-management.md @@ -1,6 +1,6 @@ --- title: Change history for Application management in Windows 10 (Windows 10) -description: This topic lists changes to documentation for configuring Windows 10. +description: Learn about the new and updated topics in the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile. keywords: ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index 89649bba47..8799ea7fc0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md 
@@ -1,6 +1,6 @@ --- title: Live response command examples -description: Learn about common commands and see examples on how it's used +description: Learn about common commands used in live response and see examples on how the commands are typically used. keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file search.product: eADQiWindows 10XVcnh search.appverid: met150 From 4e58287fd99dc9909cf91c9aa203a37eb70d10f3 Mon Sep 17 00:00:00 2001 From: damabe Date: Wed, 12 Aug 2020 20:19:53 -0700 Subject: [PATCH 11/69] Update short descriptions for SEO improvement --- .../app-v/appv-deploy-the-appv-server-with-a-script.md | 2 +- windows/deployment/usmt/usmt-loadstate-syntax.md | 2 +- .../microsoft-defender-atp/exposed-apis-odata-samples.md | 2 +- .../windows-firewall/planning-isolation-groups-for-the-zones.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md index 728f4943a1..07407291fe 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md @@ -1,6 +1,6 @@ --- title: How to Deploy the App-V Server Using a Script (Windows 10) -description: Information, lists, and tables that can help you deploy the App-V server using a script +description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.' author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 3bbf83959b..2a52999416 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md 
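Review bot: In the change-history-for-application-management.md hunk, the new description says the page covers "the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile", while the title on the line above it is "Change history for Application management in Windows 10". The description should name the Application management documentation so the two front-matter fields agree.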
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -1,6 +1,6 @@ --- title: LoadState Syntax (Windows 10) -description: LoadState Syntax +description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4 ms.reviewer: manager: laurawi diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md index 37e873ced5..c820d3d69e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md @@ -1,7 +1,7 @@ --- title: OData queries with Microsoft Defender ATP ms.reviewer: -description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender ATP +description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender ATP. keywords: apis, supported apis, odata, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index 2183c3f911..cef2c16969 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md 
@@ -1,6 +1,6 @@ --- title: Planning Isolation Groups for the Zones (Windows 10) -description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs +description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs. ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 ms.reviewer: ms.author: dansimp From 8b2e9e237b9759ffa14b7df3cd3ab8dd1c0c2e08 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 12 Aug 2020 20:58:58 -0700 Subject: [PATCH 12/69] update --- windows/security/threat-protection/windows-firewall/TOC.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 791aa26a20..69bd3c156c 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -71,17 +71,12 @@ - ## [Best practices]() ### [Securing IPsec](securing-end-to-end-ipsec-connections-by-using-ikev2.md) ### [PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) ### [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) - - - - ## [How-to]() ### [Procedures Used in This Guide](procedures-used-in-this-guide.md) #### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) From 10d904fdb9f0b3fe6c67be034620695edb47ba49 Mon Sep 17 00:00:00 2001 
From: damabe Date: Wed, 12 Aug 2020 21:27:53 -0700 Subject: [PATCH 13/69] Update short descriptions for SEO improvement --- ...ation-publishing-and-client-interaction.md | 2 +- .../app-v/appv-install-the-sequencer.md | 2 +- ...ing-for-sequencer-and-client-deployment.md | 2 +- windows/client-management/mdm/hotspot-csp.md | 2 +- .../deployment/usmt/usmt-troubleshooting.md | 147 +++++++++--------- .../access-control/dynamic-access-control.md | 2 +- .../offboard-machine-api.md | 2 +- .../pull-alerts-using-rest-api.md | 2 +- ...e-files-for-settings-used-in-this-guide.md | 2 +- ...windows-firewall-with-advanced-security.md | 2 +- 10 files changed, 83 insertions(+), 82 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index a913ce8a38..88430660e3 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -1,6 +1,6 @@ --- title: Application Publishing and Client Interaction (Windows 10) -description: Application publishing and client interaction. +description: Learn technical information about common App-V Client operations and their integration with the local operating system. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index 93180520e7..7a13e789c6 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md 
@@ -1,6 +1,6 @@ --- title: Install the App-V Sequencer (Windows 10) -description: Install the App-V Sequencer +description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index 4fa3630f7f..0f797ad9d7 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md @@ -1,6 +1,6 @@ --- title: Planning for the App-V Sequencer and Client Deployment (Windows 10) -description: Planning for the App-V Sequencer and Client Deployment +description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/client-management/mdm/hotspot-csp.md b/windows/client-management/mdm/hotspot-csp.md index 025ce63385..f4a14359a1 100644 --- a/windows/client-management/mdm/hotspot-csp.md +++ b/windows/client-management/mdm/hotspot-csp.md @@ -1,6 +1,6 @@ --- title: HotSpot CSP -description: HotSpot CSP +description: Learn how HotSpot configuration service provider (CSP) is used to configure and enable Internet sharing on a device. ms.assetid: ec49dec1-fa79-420a-a9a7-e86668b3eebf ms.reviewer: manager: dansimp diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index 085f3892d2..1c629df5ec 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md 
@@ -1,73 +1,74 @@ ---- -title: User State Migration Tool (USMT) Troubleshooting (Windows 10) -description: User State Migration Tool (USMT) Troubleshooting -ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# User State Migration Tool (USMT) Troubleshooting - - -The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration. - -## In This Section - - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Common Issues

Find troubleshooting solutions for common problems in USMT.

Frequently Asked Questions

Find answers to questions about how to use USMT.

Log Files

Learn how to enable logging to help you troubleshoot issues in USMT.

Return Codes

Learn how to use return codes to identify problems in USMT.

USMT Resources

Find more information and support for using USMT.

- - - -## Related topics - - -[USMT Best Practices](usmt-best-practices.md) - -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) - -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) - -[User State Migration Toolkit (USMT) Reference](usmt-reference.md) - - - - - - - - - +--- +title: User State Migration Tool (USMT) Troubleshooting (Windows 10) +description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting. +ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# User State Migration Tool (USMT) Troubleshooting + + +The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration. + +## In This Section + + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

Common Issues

Find troubleshooting solutions for common problems in USMT.

Frequently Asked Questions

Find answers to questions about how to use USMT.

Log Files

Learn how to enable logging to help you troubleshoot issues in USMT.

Return Codes

Learn how to use return codes to identify problems in USMT.

USMT Resources

Find more information and support for using USMT.

+ + + +## Related topics + + +[USMT Best Practices](usmt-best-practices.md) + +[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) + +[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) + +[User State Migration Toolkit (USMT) Reference](usmt-reference.md) + + + + + + + + + diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index 1ef5a24b40..3ad985610a 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -1,6 +1,6 @@ --- title: Dynamic Access Control Overview (Windows 10) -description: Dynamic Access Control Overview +description: Learn about Dynamic Access Control and its associated elements, which were introduced in Windows Server 2012 and Windows 8. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 2c94a9c19e..d51165a30f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -1,6 +1,6 @@ --- title: Offboard machine API -description: Use this API to offboard a device from WDATP. +description: Learn how to use an API to offboard a device from Windows Defender Advanced Threat Protection (WDATP). keywords: apis, graph api, supported apis, collect investigation package search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index fce90c63c2..4c7de91e8a 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -1,6 +1,6 @@ --- title: Pull Microsoft Defender ATP detections using REST API -description: Pull detections from Microsoft Defender ATP REST API. +description: Learn how call an Microsoft Defender ATP endpoint to pull detections in JSON format using the SIEM REST API. keywords: detections, pull detections, rest api, request, response search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index a0422c4a14..b9c0f35fc2 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -1,6 +1,6 @@ --- title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10) -description: Appendix A Sample GPO Template Files for Settings Used in this Guide +description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO). ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index 3261e0545f..3573bb28b5 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md 
@@ -1,6 +1,6 @@ --- title: Windows Defender Firewall with Advanced Security (Windows 10) -description: Windows Defender Firewall with Advanced Security +description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library From ae4db0dc4a240e2f2fc0a57dbea10d49b0fcf769 Mon Sep 17 00:00:00 2001 From: schmurky Date: Thu, 13 Aug 2020 12:47:29 +0800 Subject: [PATCH 14/69] Updated TOC --- .../threat-protection/windows-firewall/TOC.md | 120 +++++++++--------- 1 file changed, 57 insertions(+), 63 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 69bd3c156c..17d730be02 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md 
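Review bot: The usmt-troubleshooting.md hunk (@@ -1,73 +1,74 @@) removes and re-adds every line of the file, and the diffstat lists 147 changed lines for it against 2 for each of the other files, although the only visible wording change is the description field. The removed side shows "audience: itpro" and "author: greg-lindsay" as one line that becomes two added lines, which points to a line-ending change riding along. Split the line-ending normalization into its own commit so the description edit can be reviewed as a one-line change.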
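Review bot: The new description in pull-alerts-using-rest-api.md reads "Learn how call an Microsoft Defender ATP endpoint"; it is missing "to" and uses "an" before "Microsoft". Suggested wording: "Learn how to call a Microsoft Defender ATP endpoint to pull detections in JSON format using the SIEM REST API."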
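Review bot: The new description in appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md, "Use sample template files import an XML file ...", is missing a word between "files" and "import". Suggested wording: "Use sample template files to import an XML file containing customized registry preferences into a Group Policy Object (GPO)."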
@@ -5,41 +5,36 @@ ### [Design Guide](windows-firewall-with-advanced-security-design-guide.md) ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) -### [Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) + +### [Deployment Goals]() + +#### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md) #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md) -### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) +### [Deployment designs]() + +#### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) #### [Basic Design](basic-firewall-policy-design.md) #### [Domain Isolation Design](domain-isolation-policy-design.md) #### [Server Isolation Design](server-isolation-policy-design.md) #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md) -### [Evaluating Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) -#### [Basic Design Example](firewall-policy-design-example.md) -#### [Domain Isolation Design Example](domain-isolation-policy-design-example.md) -#### [Server Isolation Design Example](server-isolation-policy-design-example.md) -#### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md) +### [Design plans]() -### [Designing a Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) - -#### [Gathering the Info You Need](gathering-the-information-you-need.md) -##### 
[Network](gathering-information-about-your-current-network-infrastructure.md) -##### [Active Directory](gathering-information-about-your-active-directory-deployment.md) -##### [Computers](gathering-information-about-your-devices.md) -##### [Other Relevant Information](gathering-other-relevant-information.md) -#### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md) - -### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md) +#### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md) #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) -#### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) -##### [Exemption List](exemption-list.md) -##### [Isolated Domain](isolated-domain.md) -##### [Boundary Zone](boundary-zone.md) -##### [Encryption Zone](encryption-zone.md) +##### [Planning Domain Isolation Zones]() + +###### [Domain Isolation Zones](planning-domain-isolation-zones.md) +###### [Exemption List](exemption-list.md) +###### [Isolated Domain](isolated-domain.md) +###### [Boundary Zone](boundary-zone.md) +###### [Encryption Zone](encryption-zone.md) + #### [Planning Server Isolation Zones](planning-server-isolation-zones.md) #### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) @@ -65,7 +60,7 @@ ## [Deployment guide]() -### [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) + #### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) #### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) 
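Review bot: In the TOC.md hunk at -5,41, `##### [Planning Domain Isolation Zones]()` is added one level below `#### [Planning Settings for a Basic Firewall Policy]`, so the domain isolation pages become children of the basic firewall policy entry, while `#### [Planning Server Isolation Zones]` and `#### [Planning Certificate-based Authentication]` stay at level 4. The entry it replaces was a `####` sibling; making the new container `####` with `#####` children keeps the zone pages alongside the other planning topics. The same hunk removes the "Evaluating Design Examples" and "Designing a Strategy" groups with all their child pages, and no hunk in this patch re-adds them. If those pages still exist they lose their navigation entry, so either restore the links under one of the new groups or state in the commit message that the pages are being retired.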
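Review bot: Removing `### [Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)` in the -65,7 hunk leaves `#### [Planning to Deploy]` and `#### [Implementing Your Plan]` directly under `## [Deployment guide]()`, which skips a heading level. Promote those two entries to `###`, and confirm that the deployment guide overview page is meant to lose its TOC link, since nothing in this patch re-adds it. The replacement `+` line is empty and can simply be dropped.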
@@ -78,46 +73,45 @@ ## [How-to]() -### [Procedures Used in This Guide](procedures-used-in-this-guide.md) -#### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) -#### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) -#### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) -#### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md) -#### [Configure Authentication Methods](configure-authentication-methods.md) -#### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md) -#### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) -#### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md) -#### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md) -#### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md) -#### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md) -#### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) -#### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md) -#### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) -#### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) -#### [Create a Group Policy Object](create-a-group-policy-object.md) -#### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md) -#### [Create an Authentication Request Rule](create-an-authentication-request-rule.md) -#### [Create an 
Inbound ICMP Rule](create-an-inbound-icmp-rule.md) -#### [Create an Inbound Port Rule](create-an-inbound-port-rule.md) -#### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) -#### [Create an Outbound Port Rule](create-an-outbound-port-rule.md) -#### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md) -#### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md) -#### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) -#### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md) -#### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md) -#### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md) -#### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) -#### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) -#### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) -#### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) -#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md) -#### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) -#### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md) -#### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md) -#### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md) -#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) -#### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) +### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) +### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) 
+### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) +### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md) +### [Configure Authentication Methods](configure-authentication-methods.md) +### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md) +### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) +### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md) +### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md) +### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md) +### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md) +### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) +### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md) +### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) +### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) +### [Create a Group Policy Object](create-a-group-policy-object.md) +### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md) +### [Create an Authentication Request Rule](create-an-authentication-request-rule.md) +### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md) +### [Create an Inbound Port Rule](create-an-inbound-port-rule.md) +### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) +### [Create an Outbound Port Rule](create-an-outbound-port-rule.md) +### [Create an Outbound Program or Service 
Rule](create-an-outbound-program-or-service-rule.md) +### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md) +### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) +### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md) +### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md) +### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md) +### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) +### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) +### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) +### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) +### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md) +### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) +### [Open Windows Firewall](open-windows-firewall-with-advanced-security.md) +### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md) +### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md) +### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) +### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) From 5d48805b796545e42b9c53fdd64b6978e55b3408 Mon Sep 17 00:00:00 2001 From: damabe Date: Wed, 12 Aug 2020 21:49:03 -0700 Subject: [PATCH 15/69] Update short descriptions for SEO improvement --- ...add-production-devices-to-the-membership-group-for-a-zone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index d74524355b..d0e6ef0bb8 100644 
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -1,6 +1,6 @@ --- title: Add Production Devices to the Membership Group for a Zone (Windows 10) -description: Add Production Devices to the Membership Group for a Zone +description: Learn how to add production devices to the Membership Group for a zone. ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 ms.reviewer: ms.author: dansimp From 20b7034df2176413da74d4f66979e87b34de0817 Mon Sep 17 00:00:00 2001 From: damabe Date: Wed, 12 Aug 2020 21:57:50 -0700 Subject: [PATCH 16/69] Update short descriptions for SEO improvement --- .../identity-protection/hello-for-business/WebAuthnAPIs.md | 2 +- ...add-production-devices-to-the-membership-group-for-a-zone.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 4579829e90..7cf7eeccbf 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -1,6 +1,6 @@ --- title: WebAuthn APIs -description: Enabling password-less authentication for your sites and apps +description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index d0e6ef0bb8..32918a0147 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md 
+++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -1,6 +1,6 @@ --- title: Add Production Devices to the Membership Group for a Zone (Windows 10) -description: Learn how to add production devices to the Membership Group for a zone. +description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group. ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 ms.reviewer: ms.author: dansimp From e8ad1713f727f4c34790d78dd11b12b9f22a4f42 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 13 Aug 2020 10:03:26 +0500 Subject: [PATCH 17/69] Update dg-readiness-tool.md --- .../identity-protection/credential-guard/dg-readiness-tool.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index ae96f09ed1..e609c9469d 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -657,7 +657,7 @@ function PrintHardwareReq { LogAndConsole "###########################################################################" LogAndConsole "OS and Hardware requirements for enabling Device Guard and Credential Guard" - LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home" + LogAndConsole " 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education and Enterprise IoT" LogAndConsole " 2. Hardware: Recent hardware that supports virtualization extension with SLAT" LogAndConsole "To learn more please visit: https://aka.ms/dgwhcr" LogAndConsole "########################################################################### `n" 
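Review bot: The SKU list in the `LogAndConsole " 1. OS SKUs: ..."` string of the -657,7 hunk is maintained by hand, separately from `$SKUarray` in CheckOSSKU, which the next hunk edits to the same four values, so the printed requirement and the enforced check can drift apart again. Consider building the message from `$SKUarray`, or at least add a comment next to both saying they must change together. The message says "Enterprise IoT" while the array entry is just "IoT", and `$HLKAllowed` still contains "microsoft windows 10 pro" after Pro is removed from the supported list; the commit message should say whether that exception is intended to remain. While the line is being touched, "OS Skus" can be made consistent with "OS SKUs".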
@@ -735,7 +735,7 @@ function CheckOSSKU $osname = $((gwmi win32_operatingsystem).Name).ToLower() $_SKUSupported = 0 Log "OSNAME:$osname" - $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server", "Pro", "Home") + $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server") $HLKAllowed = @("microsoft windows 10 pro") foreach ($SKUent in $SKUarray) { From 9ac7d8fcb0f0a7d8ebef4ea3ff18e76266550020 Mon Sep 17 00:00:00 2001 From: damabe Date: Wed, 12 Aug 2020 22:14:51 -0700 Subject: [PATCH 18/69] Update short descriptions for SEO improvement --- ...dd-or-remove-an-administrator-with-the-management-console.md | 2 +- windows/client-management/mdm/firewall-ddf-file.md | 2 +- windows/client-management/mdm/remotewipe-ddf-file.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index 1ef657304d..8e37f9eb2f 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to Add or Remove an Administrator by Using the Management Console (Windows 10) -description: How to add or remove an administrator by using the Management Console +description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 20172a8f10..72829fc3a9 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md 
@@ -1,6 +1,6 @@ --- title: Firewall DDF file -description: Firewall DDF file +description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 12a8de389a..36a83bee33 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -1,6 +1,6 @@ --- title: RemoteWipe DDF file -description: RemoteWipe DDF file +description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider. ms.assetid: 10ec4fb7-f911-4d0c-9a8f-e96bf5faea0c ms.reviewer: manager: dansimp From 6c6bb06926cb69a77e32d97bd6bc5e3f41302084 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 13 Aug 2020 13:12:40 -0700 Subject: [PATCH 19/69] Update TOC.md --- .../security/threat-protection/windows-firewall/TOC.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 17d730be02..00296d4b2d 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -7,7 +7,6 @@ ### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) ### [Deployment Goals]() - #### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) 
@@ -15,7 +14,6 @@ #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md) ### [Deployment designs]() - #### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) #### [Basic Design](basic-firewall-policy-design.md) #### [Domain Isolation Design](domain-isolation-policy-design.md) @@ -23,12 +21,9 @@ #### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md) ### [Design plans]() - #### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md) #### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) - ##### [Planning Domain Isolation Zones]() - ###### [Domain Isolation Zones](planning-domain-isolation-zones.md) ###### [Exemption List](exemption-list.md) ###### [Isolated Domain](isolated-domain.md) @@ -60,7 +55,6 @@ ## [Deployment guide]() - #### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) #### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) @@ -113,9 +107,6 @@ ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) - - - ## [References]() ### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md) ### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md) From 58cadb1af5084f78fcf02dea9cd36c8d1b989fb8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 13 Aug 2020 13:16:19 -0700 Subject: [PATCH 20/69] fix lines --- windows/security/threat-protection/windows-firewall/TOC.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 00296d4b2d..7861f11250 100644 
--- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -55,8 +55,8 @@ ## [Deployment guide]() -#### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) -#### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) +### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) +### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) From cef561ea53b63153a87c18d7bb65c9810df0cc74 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 13 Aug 2020 16:23:35 -0700 Subject: [PATCH 21/69] more fixin --- .../troubleshooting-uwp-firewall.md | 210 +++++++++--------- 1 file changed, 100 insertions(+), 110 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index fc7c29c60d..bc17fd0a75 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md 
@@ -19,174 +19,164 @@ ms.topic: troubleshooting This document is intended to help network admins, support engineers, and developers to investigate UWP app network connectivity issues. -# Introduction +This document guides you through steps to debug Universal Windows Platform (UWP) app network connectivity issues by providing practical examples. -This document guides you through steps to debug different Universal Windows Platform (UWP) app network connectivity issues by providing practical case examples. +## Typical causes of connectivity issues -UWP app network connectivity issues typically stem from one of the following causes: +UWP app network connectivity issues are typically caused by: -1. The UWP app was not permitted to receive loopback traffic (this must be configured as, by default, a UWP app is not allowed to receive loopback traffic). +1. The UWP app was not permitted to receive loopback traffic. This must be configured. By default, UWP apps are not allowed to receive loopback traffic. 2. The UWP app is missing the proper capability tokens. -3. The private range is configured incorrectly (i.e. set incorrectly through GP/MDM policies, etc.) +3. The private range is configured incorrectly. For example, the private ranges is set incorrectly through GP/MDM policies, etc. -To understand these causes more thoroughly, there are several concepts that should be reviewed. +To understand these causes more thoroughly, there are several concepts to review. -The traffic of network packets (e.g. what's permitted and what’s not) on Windows is ultimately determined by the Windows Filtering Platform (WFP). When a UWP app +The traffic of network packets (what's permitted and what’s not) on Windows is determined by the Windows Filtering Platform (WFP). When a UWP app or the private range is configured incorrectly, it affects how the UWP app’s network traffic will be processed by WFP. 
-When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match the filter conditions of any filters, leading the packet to be dropped by a default block filter. The presence of the default block -filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach, ensuring the application’s granular access to each resource type and preventing the application from “escaping” its environment. +When a packet is processed by WFP, the characteristics of that packet must explicitly match all the conditions of a filter to either be permitted or dropped to its target address. Connectivity issues typically happen when the packet does not match any of the filter conditions, leading the packet to be dropped by a default block filter. The presence of the default block +filters ensures network isolation for UWP applications. Specifically, it guarantees a network drop for a packet that does not have the correct capabilities for the resource it is trying to reach. This ensures the application’s granular access to each resource type and preventing the application from escaping its environment. For more information on the filter arbitration algorithm and network isolation, -please read [Filter +see [Filter Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration) and [Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation). -The next sections will cover debugging case examples for loopback and -non-loopback UWP app network connectivity issues. +The following sections cover debugging case examples for loopback and non-loopback UWP app network connectivity issues. 
> [!NOTE] -> As improvements to debugging and diagnostics around the Windows Filtering Platform are made, the trace examples in this document may not exactly match the -traces collected on an older Windows build. +> As improvements to debugging and diagnostics in the Windows Filtering Platform are made, the trace examples in this document may not exactly match the +traces collected on previous releases of Windows. # Debugging UWP App Loopback scenarios -If you have a scenario where you are establishing a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. +If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. -To enable loopback for client outbound connections, run the following in a command prompt: +To enable loopback for client outbound connections, run the following at a command prompt: -`CheckNetIsolation.exe LoopbackExempt -a -n=\` +```dos +CheckNetIsolation.exe LoopbackExempt -a -n=\ +``` -To enable loopback for server inbound connections, please run the following in a +To enable loopback for server inbound connections, run the following at a command prompt: +```dos +CheckNetIsolation.exe LoopbackExempt -is -n=\ +``` +You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver. -`CheckNetIsolation.exe LoopbackExempt -is -n=\` - -You can ensure loopback is enabled by checking the appx manifests of both the -sender and receiver. - -For more information about loopback scenarios, please read [Communicating with +For more information about loopback scenarios, see [Communicating with localhost (loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback) # Debugging Live Drops -If the issue happened recently, but you find you are not able to reproduce the -issue, go to Debugging Past Drops for the appropriate trace commands. 
+If the issue happened recently, but you find you are not able to reproduce the issue, go to Debugging Past Drops for the appropriate trace commands. -If you can consistently reproduce the issue, then you can run the following in -an admin command prompt to gather a fresh trace: +If you can consistently reproduce the issue, then you can run the following in an admin command prompt to gather a fresh trace: -``` +```DOS Netsh wfp capture start keywords=19 \ Netsh wfp capture stop ``` -The above commands will generate a wfpdiag.cab. Inside the .cab exists a -wfpdiag.xml, which contains any allow or drop netEvents and filters that existed -during that repro. Without “keywords=19”, the trace will only collect drop -netEvents. +These commands generate a wfpdiag.cab. Inside the .cab exists a wfpdiag.xml, which contains any allow or drop netEvents and filters that existed during that repro. Without “keywords=19”, the trace will only collect drop netEvents. Inside the wfpdiag.xml, search for netEvents which have -FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant -drop events, search for the drop events with matching destination IP address, +FWPM_NET_EVENT_TYPE_CLASSIFY_DROP as the netEvent type. To find the relevant drop events, search for the drop events with matching destination IP address, package SID, or application ID name. The characters in the application ID name will be separated by periods: -``` + +```XML (ex) -\ - + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... \ ``` -The netEvent will have more information about the packet that was dropped -including information about its capabilities, the filter that dropped the -packet, and much more. + +The netEvent will have more information about the packet that was dropped including information about its capabilities, the filter that dropped the packet, and much more. 
## Case 1: UWP app connects to Internet target address with all capabilities In this example, the UWP app successfully connects to bing.com [2620:1ec:c11::200]. -A packet from a UWP app needs the correct networking capability token for the -resource it is trying to reach. +A packet from a UWP app needs the correct networking capability token for the resource it is trying to reach. -In this scenario, the app could successfully send a packet to the Internet -target because it had an Internet capability token. +In this scenario, the app could successfully send a packet to the Internet target because it had an Internet capability token. -The following shows the allow netEvent of the app connecting to the target IP. -The netEvent contains information about the packet including its local address, +The following shows the allow netEvent of the app connecting to the target IP. The netEvent contains information about the packet including its local address, remote address, capabilities, etc. **Classify Allow netEvent, Wfpdiag-Case-1.xml** ```xml -\ -\ -> \2020-05-21T17:25:59.070Z\ -> \ -> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ -> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ -> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -> \ -> \FWP_IP_VERSION_V6\ -> \6\ -> \2001:4898:30:3:256c:e5ba:12f3:beb1\ \2620:1ec:c11::200\ -\52127\ -\443\ -\0\ -\ -> \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\ -> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. 
-> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -\ -\S-1-5-21-2993214446-1947230185-131795049-1000\ -\FWP_AF_INET6\ -\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -\ -\0\ -\ -\ -\FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ -\ -> \125918\ -> \50\ -> \0\ -> \1\ -> \1\ -\ -\ -\ -\0000000000000000\ -\ -> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ -> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ -\ -\0\ -\ -\ -> \ - \125918\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - \FWP_ACTION_PERMIT\ -> \ -> \ - \121167\ - \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - \FWP_ACTION_PERMIT\ - \ -\ -\ -\ + + + 2020-05-21T17:25:59.070Z\ + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ + FWPM_NET_EVENT_FLAG_APP_ID_SET\ + FWPM_NET_EVENT_FLAG_USER_ID_SET\ + FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ + + FWP_IP_VERSION_V6\ + 6\ + 2001:4898:30:3:256c:e5ba:12f3:beb1\ \2620:1ec:c11::200\ +52127\ +443\ +0\ + + 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\ + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. 
+ .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ + +S-1-5-21-2993214446-1947230185-131795049-1000\ +FWP_AF_INET6\ +S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ + +0\ + + +FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ + + 125918\ + 50\ + 0\ + 1\ + 1\ + + + +0000000000000000\ + + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ + FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ + +0\ + + + + 125918\ + FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ + FWP_ACTION_PERMIT\ + + + 121167\ + FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ + FWP_ACTION_PERMIT\ + + + + ``` The following is the filter that permitted the packet to be sent to the target From 9aba80f3de8d2ec83e443b30afe63184a793c404 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 13 Aug 2020 18:09:28 -0700 Subject: [PATCH 22/69] so many --- .../troubleshooting-uwp-firewall.md | 2124 ++++++++--------- 1 file changed, 1060 insertions(+), 1064 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index bc17fd0a75..fd79a67511 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md 
@@ -56,13 +56,13 @@ If you need to establis a TCP/IP connection between two processes on the same ho To enable loopback for client outbound connections, run the following at a command prompt: ```dos -CheckNetIsolation.exe LoopbackExempt -a -n=\ +CheckNetIsolation.exe LoopbackExempt -a -n= ``` To enable loopback for server inbound connections, run the following at a command prompt: ```dos -CheckNetIsolation.exe LoopbackExempt -is -n=\ +CheckNetIsolation.exe LoopbackExempt -is -n= ``` You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver. @@ -78,7 +78,7 @@ If you can consistently reproduce the issue, then you can run the following in a ```DOS Netsh wfp capture start keywords=19 -\ + Netsh wfp capture stop ``` @@ -92,10 +92,10 @@ will be separated by periods: ```XML (ex) - + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... -\ + ``` The netEvent will have more information about the packet that was dropped including information about its capabilities, the filter that dropped the packet, and much more. 
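Review bot: The sentence carried in the @@ -56,13 header context still reads "If you need to establis a TCP/IP connection", so the "establis" typo sits directly above the loopback commands this hunk edits and survives the edit pass. Fix it to "establish" in the same change. The fence tags in this region are also mixed in case (dos, DOS, XML), while the snippets later in the file use lowercase xml; settle on one form.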
@@ -114,187 +114,186 @@ remote address, capabilities, etc. **Classify Allow netEvent, Wfpdiag-Case-1.xml** ```xml - - - 2020-05-21T17:25:59.070Z\ - - FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ - FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ - FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ - FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ - FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ - FWPM_NET_EVENT_FLAG_APP_ID_SET\ - FWPM_NET_EVENT_FLAG_USER_ID_SET\ - FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ - FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ - - FWP_IP_VERSION_V6\ - 6\ - 2001:4898:30:3:256c:e5ba:12f3:beb1\ \2620:1ec:c11::200\ -52127\ -443\ -0\ - - 5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\ - \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. - .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ - -S-1-5-21-2993214446-1947230185-131795049-1000\ -FWP_AF_INET6\ -S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ - -0\ - - -FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ - - 125918\ - 50\ - 0\ - 1\ - 1\ - - - -0000000000000000\ - - FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ - FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ - -0\ - - - - 125918\ - FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ - FWP_ACTION_PERMIT\ - - - 121167\ - FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ - FWP_ACTION_PERMIT\ - - - - + +
+ 2020-05-21T17:25:59.070Z + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET + FWPM_NET_EVENT_FLAG_APP_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_IP_VERSION_SET + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + + FWP_IP_VERSION_V6 + 6 + 2001:4898:30:3:256c:e5ba:12f3:beb1 + 2620:1ec:c11::200 +52127 +443 +0 + + 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 + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. + .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + +S-1-5-21-2993214446-1947230185-131795049-1000 +FWP_AF_INET6 +S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + +0 + +
+FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW + + 125918 + 50 + 0 + 1 + 1 + + + +0000000000000000 + + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER + FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK + +0 + + + + 125918 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH + FWP_ACTION_PERMIT + + + 121167 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WF + FWP_ACTION_PERMIT + + + +
``` The following is the filter that permitted the packet to be sent to the target -address according to the terminatingFiltersInfo in the netEvent. This packet was -allowed by Filter \#125918 which is from the InternetClient Default Rule. +address according to the **terminatingFiltersInfo** in the **netEvent**. This packet was +allowed by Filter #125918, from the InternetClient Default Rule. -**InternetClient Default Rule Filter \#125918, Wfpdiag-Case-1.xml** +**InternetClient Default Rule Filter #125918, Wfpdiag-Case-1.xml** ```xml -\ -> \{3389708e-f7ae-4ebc-a61a-f659065ab24e}\ -> \ -> \InternetClient Default Rule\ -> \InternetClient Default Rule\ -> \ -> \ -> \FWPM_PROVIDER_MPSSVC_WSH\ -> \ -> \ad2b000000000000\ -> \.+......\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V6\ -> \FWPM_SUBLAYER_MPSSVC_WSH\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ -> \FWP_MATCH_RANGE\ -> \ -> \FWP_RANGE_TYPE\ -> \ -> \ -> \FWP_BYTE_ARRAY16_TYPE\ -> \::\ -> \ -> \ -> \FWP_BYTE_ARRAY16_TYPE\ -> \ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\ -> \ -> \ -> \ -> \ -> \ -> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_CURRENT_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_USER_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_SECURITY_DESCRIPTOR_TYPE\ -> \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \0\ -> \ -> \125918\ -> \ -> \FWP_UINT64\ -> \103079219136\ -> \ -\ + + {3389708e-f7ae-4ebc-a61a-f659065ab24e} + + InternetClient Default Rule + InternetClient Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + ad2b000000000000 + .+...... 
+ + FWPM_LAYER_ALE_AUTH_CONNECT_V6 + FWPM_SUBLAYER_MPSSVC_WSH + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + FWPM_CONDITION_IP_REMOTE_ADDRESS + FWP_MATCH_RANGE + + FWP_RANGE_TYPE + + + FWP_BYTE_ARRAY16_TYPE + :: + + + FWP_BYTE_ARRAY16_TYPE + ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + + + + + + FWPM_CONDITION_ORIGINAL_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_CURRENT_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN) + + + + + FWP_ACTION_PERMIT + + + 0 + + 125918 + + FWP_UINT64 + 103079219136 + + ``` -One condition is **Capabilities Condition in Filter \#125918, Wfpdiag-Case-1.xml** ```xml -\ -> \FWPM_CONDITION_ALE_USER_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_SECURITY_DESCRIPTOR_TYPE\ -> \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ -> \ -\ + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN) + + ``` -which is the condition for checking capabilities in this filter. +This is the condition for checking capabilities in this filter. -The important part of this condition is S-1-15-3-1, which is the capability SID -for INTERNET_CLIENT privileges. +The important part of this condition is **S-1-15-3-1**, which is the capability SID +for **INTERNET_CLIENT** privileges. -From the netEvent’s capabilities section, - -Capabilities from netEvent, Wfpdiag-Case-1.xml +From the **netEvent** capabilities section, +capabilities from netEvent, Wfpdiag-Case-1.xml. 
```xml -\ -> **\FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\** \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ -\FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ -\ + + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER + FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK + ``` -it shows the packet came from an app with an Internet client token -(FWP_CAPABILITIES_FLAG_INTERNET_CLIENT) which matches the capability SID in the +This shows the packet came from an app with an Internet client token (**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**) which matches the capability SID in the filter. All the other conditions are also met for the filter, so the packet is allowed. 
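Review bot: Near the end of this hunk, the added lines "From the **netEvent** capabilities section," and "capabilities from netEvent, Wfpdiag-Case-1.xml." fold what used to be the snippet caption into the lead-in, leaving a sentence fragment in front of the xml block. Keep the caption as its own bold label, in the style of the other snippets in this file, and make the lead-in a complete sentence, so that the following "This shows the packet came from an app with an Internet client token" has a clear referent.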
@@ -307,175 +306,173 @@ the packet having all capabilities. In this example, the UWP app is unable to connect to bing.com [2620:1ec:c11::200]. -The following is a drop netEvent that was captured in the traces during this -repro. +The following is a drop netEvent that was captured in the trace. **Classify Drop netEvent, Wfpdiag-Case-2.xml** ```xml -\ -\ -\2020-03-30T23:53:09.720Z\ -\ -\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -\FWPM_NET_EVENT_FLAG_APP_ID_SET\ -\FWPM_NET_EVENT_FLAG_USER_ID_SET\ -\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -\ -\FWP_IP_VERSION_V6\ -\6\ -\2001:4898:1a:1045:8469:3351:e6e2:543\ -\2620:1ec:c11::200\ -\63187\ -\443\ -\0\ -\ -\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\ -\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -\ -\S-1-5-21-2788718703-1626973220-3690764900-1000\ -\FWP_AF_INET6\ -\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -\ -\0\ -\ -\ -\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ -\ -\68893\ -\50\ -\0\ -\1\ -\1\ -\MS_FWP_DIRECTION_OUT\ -\false\ -\ -\0\ -\0\ -\ -\ -\ -\0000000000000000\ -\ -\0\ -\ -\ -\ -\68893\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -\FWP_ACTION_BLOCK\ -\ -\ -\68879\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -\FWP_ACTION_PERMIT\ -\ -\ -\ -\ + +
+2020-03-30T23:53:09.720Z + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET + FWPM_NET_EVENT_FLAG_APP_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_IP_VERSION_SET + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + +FWP_IP_VERSION_V6 +6 +2001:4898:1a:1045:8469:3351:e6e2:543 +2620:1ec:c11::200 +63187 +443 +0 + +5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e0034002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000 +\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...4...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + +S-1-5-21-2788718703-1626973220-3690764900-1000 +FWP_AF_INET6 +S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + +0 + +
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + +68893 +50 +0 +1 +1 +MS_FWP_DIRECTION_OUT +false + +0 +0 + + + +0000000000000000 + +0 + + + +68893 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH +FWP_ACTION_BLOCK + + +68879 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WF +FWP_ACTION_PERMIT + + + +
``` -The first thing that should be checked in the netEvent is the capabilities -field\*. In this example, the capabilities field is empty, indicating that the +The first thing that you should check in the **netEvent** is the capabilities +field. In this example, the capabilities field is empty, indicating that the UWP app was not configured with any capability tokens to allow it to connect to a network. **Internal Fields from netEvent, Wfpdiag-Case-2.xml** ```xml -\ -\ -\0000000000000000\ -**\** -\0\ -\ -\ -\ -\68893\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -\FWP_ACTION_BLOCK\ -\ -\ -\68879\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -\FWP_ACTION_PERMIT\ -\ -\ -\ + + +0000000000000000 + +0 + + + +68893 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH +FWP_ACTION_BLOCK + + +68879 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WF +FWP_ACTION_PERMIT + + + ``` -The netEvent also gives us information about the filter that explicitly dropped -this packet, like the FilterId, listed under classify drop +The **netEvent** also shows information about the filter that explicitly dropped this packet, like the **FilterId**, listed under classify drop. **Classify Drop from netEvent, Wfpdiag-Case-2.xml** ```xml -\ -**\68893\** -\50\ -\0\ -\1\ -\1\ -\MS_FWP_DIRECTION_OUT\ -\false\ -\ -\0\ -\0\ -\ + +68893 +50 +0 +1 +1 +MS_FWP_DIRECTION_OUT +false + +0 +0 + ``` -If we search for that filter, \#68893, in Wfpdiag-Case2.xml, we will see that +If you search for the filter #68893 in Wfpdiag-Case2.xml, you'll see that the packet was dropped by a Block Outbound Default Rule filter. 
-**Block Outbound Default Rule Filter \#68893, Wfpdiag-Case-2.xml** +**Block Outbound Default Rule Filter #68893, Wfpdiag-Case-2.xml** ```xml -\ -> \{6d51582f-bcf8-42c4-afc9-e2ce7155c11b}\ -> \ -> \**Block Outbound Default Rule**\ -> \Block Outbound Default Rule\ -> \ -> \ -> \{4b153735-1049-4480-aab4-d1b9bdc03710}\ -> \ -> \b001000000000000\ -> \........\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V6\ -> \{b3cdd441-af90-41ba-a745-7c6008ff2300}\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_BLOCK\ -> \ -> \ -> \0\ -> \ -> \68893\ -> \ -> \FWP_UINT64\ -> \68719476736\ -> \ -\ + + {6d51582f-bcf8-42c4-afc9-e2ce7155c11b} +/t + **Block Outbound Default Rule** + Block Outbound Default Rule + + + {4b153735-1049-4480-aab4-d1b9bdc03710} + + b001000000000000 + ........ + + FWPM_LAYER_ALE_AUTH_CONNECT_V6 + {b3cdd441-af90-41ba-a745-7c6008ff2300} + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + + FWP_ACTION_BLOCK + + + 0 + + 68893 + + FWP_UINT64 + 68719476736 + + ``` -A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and thus not allowed by the other filters in +A packet will reach a default block filter if the packet was unable to match any of the conditions of other filters, and not allowed by the other filters in the same sublayer. If the packet had the correct capability token, -FWP_CAPABILITIES_FLAG_INTERNET_CLIENT, it would have matched a condition for a +**FWP_CAPABILITIES_FLAG_INTERNET_CLIENT**, it would have matched a condition for a non-default block filter and would have been permitted to reach bing.com. Without the correct capability tokens, the packet will be explicitly dropped by a default block outbound filter. 
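Review bot: In the Block Outbound Default Rule Filter #68893 snippet, the added line "/t" directly after the {6d51582f-bcf8-42c4-afc9-e2ce7155c11b} line looks like a mistyped tab and will show up verbatim inside the xml fence; remove it. The next added line keeps "**Block Outbound Default Rule**" inside the same fence, where the asterisks are displayed literally instead of as bold, so drop the markers or call the rule name out in the surrounding prose. The added sentence "If you search for the filter #68893 in Wfpdiag-Case2.xml" also spells the file name differently from the "Wfpdiag-Case-2.xml" used in the captions of this case.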
@@ -490,74 +487,74 @@ only has a private network token. Therefore, the packet will be dropped. **Classify Drop netEvent, Wfpdiag-Case-3.xml** ```xml -\ -\ -\2020-03-31T16:57:18.570Z\ -\ -\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -\FWPM_NET_EVENT_FLAG_APP_ID_SET\ -\FWPM_NET_EVENT_FLAG_USER_ID_SET\ -\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -\ -\FWP_IP_VERSION_V6\ -\6\ -\2001:4898:1a:1045:9c65:7805:dd4a:cc4b\ -\2620:1ec:c11::200\ -\64086\ -\443\ -\0\ -\ -\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\ -\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -\ -\S-1-5-21-2788718703-1626973220-3690764900-1000\ -\FWP_AF_INET6\ -\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -\ -\0\ -\ -\ -\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ -\ -\68893\ -\50\ -\0\ -\1\ -\1\ -\MS_FWP_DIRECTION_OUT\ -\false\ -\ -\0\ -\0\ -\ -\ -\ -\0000000000000000\ -**\** -**\FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\** -**\** -\0\ -\ -\ -\ -\68893\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -\FWP_ACTION_BLOCK\ -\ -\ -\68879\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -\FWP_ACTION_PERMIT\ -\ -\ -\ -\ + +
+2020-03-31T16:57:18.570Z + +FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET +FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET +FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET +FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET +FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET +FWPM_NET_EVENT_FLAG_APP_ID_SET +FWPM_NET_EVENT_FLAG_USER_ID_SET +FWPM_NET_EVENT_FLAG_IP_VERSION_SET +FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + +FWP_IP_VERSION_V6 +6 +2001:4898:1a:1045:9c65:7805:dd4a:cc4b +2620:1ec:c11::200 +64086 +443 +0 + 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 +\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...5...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + +S-1-5-21-2788718703-1626973220-3690764900-1000 +FWP_AF_INET6 +S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + +0 + +
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + +68893 +50 +0 +1 +1 +MS_FWP_DIRECTION_OUT +false + +0 +0 + + + +0000000000000000 +**** +**FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK** +**** +0 + + + +68893 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH +FWP_ACTION_BLOCK + + +68879 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WF +FWP_ACTION_PERMIT + + + +
``` ## Case 4: UWP app cannot reach Intranet target address without Private Network capability @@ -567,75 +564,75 @@ In this example, the UWP app is unable to reach the Intranet target address, **Classify Drop netEvent, Wfpdiag-Case-4.xml** ```xml -\ -\ -> \2020-05-22T21:29:28.601Z\ -> \ -> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ -> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ -> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -> \ -> \FWP_IP_VERSION_V4\ -> \6\ -> \10.216.117.17\ -> \10.50.50.50\ -> \52998\ -> \53\ -> \0\ -> \ -> \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\ -> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -> \ -> \S-1-5-21-2993214446-1947230185-131795049-1000\ -> \FWP_AF_INET\ -> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -> \ -> \0\ -> \ -\ -> \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ -> \ -> \121180\ -> \48\ -> \0\ -> \1\ -> \1\ -> \MS_FWP_DIRECTION_OUT\ -> \false\ -> \ -> \0\ -> \0\ -\ -\ -> \ -> \0000000000000000\ -> \ -> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ -> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ -> \ -> \0\ -> \ -> \ -> \ -> \121180\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -> \FWP_ACTION_BLOCK\ -> \ -> \ -> \121165\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -> \FWP_ACTION_PERMIT\ -> \ -> \ -\ -\ + +
+ 2020-05-22T21:29:28.601Z + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET + FWPM_NET_EVENT_FLAG_APP_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_IP_VERSION_SET + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + + FWP_IP_VERSION_V4 + 6 + 10.216.117.17 + 10.50.50.50 + 52998 + 53 + 0 + + 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 + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. + .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + + S-1-5-21-2993214446-1947230185-131795049-1000 + FWP_AF_INET + S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + + 0 + +
+ FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + + 121180 + 48 + 0 + 1 + 1 + MS_FWP_DIRECTION_OUT + false + + 0 + 0 + + + + 0000000000000000 + + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER + + 0 + + + + 121180 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH + FWP_ACTION_BLOCK + + + 121165 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WF + FWP_ACTION_PERMIT + + + +
``` ## Case 5: UWP app cannot reach “Intranet” target address with Private Network capability @@ -644,360 +641,360 @@ In this example, the UWP app is unable to reach the Intranet target address, **Classify Drop netEvent, Wfpdiag-Case-5.xml** ```xml -\ -> \ -> \2020-05-22T20:54:53.499Z\ -> \ -> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ -> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ -> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -> \ -> \FWP_IP_VERSION_V4\ -> \6\ -> \10.216.117.17\ -> \10.1.1.1\ -> \52956\ -> \53\ -> \0\ -> \ -> \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\ -> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -> \ -> \S-1-5-21-2993214446-1947230185-131795049-1000\ -> \FWP_AF_INET\ -> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -> \ -> \0\ -> \ -\ -> \FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ -> \ -> \121180\ -> \48\ -> \0\ -> \1\ -> \1\ -> \MS_FWP_DIRECTION_OUT\ -> \false\ -> \ -> \0\ -> \0\ -> \ -> \ -> \ -> \0000000000000000\ -> \ -> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ -> \ -> \0\ -> \ -> \ -> \ -> \121180\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -> \FWP_ACTION_BLOCK\ -> \ -> \ -> \121165\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \ -\ + +
+ 2020-05-22T20:54:53.499Z + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET + FWPM_NET_EVENT_FLAG_APP_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_IP_VERSION_SET + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + + FWP_IP_VERSION_V4 + 6 + 10.216.117.17 + 10.1.1.1 + 52956 + 53 + 0 + + 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 + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. + .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + + S-1-5-21-2993214446-1947230185-131795049-1000 + FWP_AF_INET + S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + + 0 + +
+ FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + + 121180 + 48 + 0 + 1 + 1 + MS_FWP_DIRECTION_OUT + false + + 0 + 0 + + + + 0000000000000000 + + FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK + + 0 + + + + 121180 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH + FWP_ACTION_BLOCK + + + 121165 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WF + FWP_ACTION_PERMIT + + + +
``` The following shows the filter that blocked the event: **Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml** ```xml -\ -> \{e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6}\ -> \ -> \Block Outbound Default Rule\ -> \Block Outbound Default Rule\ -> \ -> \ -> \FWPM_PROVIDER_MPSSVC_WSH\ -> \ -> \c029000000000000\ -> \.)......\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ -> \FWPM_SUBLAYER_MPSSVC_WSH\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_BLOCK\ -> \ -> \ -> \0\ -> \ -> \121180\ -> \ -> \FWP_UINT64\ -> \274877906944\ -> \ -\ + + {e62a1a22-c80a-4518-a7f8-e7d1ef3a9ff6} + + Block Outbound Default Rule + Block Outbound Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + c029000000000000 + .)...... + + FWPM_LAYER_ALE_AUTH_CONNECT_V4 + FWPM_SUBLAYER_MPSSVC_WSH + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + + FWP_ACTION_BLOCK + + + 0 + + 121180 + + FWP_UINT64 + 274877906944 + + ``` If the target was in the private range, then it should have been allowed by a PrivateNetwork Outbound Default Rule filter. The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address, -10.1.1.1, is not included in these filters it becomes clear that the address isnot in the private range. Check the policies which configure the private range -on the machine (MDM, GP, etc) and make sure it includes the private targetaddress you wanted to reach. +10.1.1.1, is not included in these filters it becomes clear that the address is not in the private range. Check the policies that configure the private range +on the device (MDM, Group Policy, etc) and make sure it includes the private targetaddress you wanted to reach. 
**PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml** ```xml -\ -> \{fd65507b-e356-4e2f-966f-0c9f9c1c6e78}\ -> \ -> \PrivateNetwork Outbound Default Rule\ -> \PrivateNetwork Outbound Default Rule\ -> \ -> \ -> \FWPM_PROVIDER_MPSSVC_WSH\ -> \ -> \f22d000000000000\ -> \.-......\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ -> \FWPM_SUBLAYER_MPSSVC_WSH\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1.1.1.1\ -> \ -> \ -> \ -> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_CURRENT_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_USER_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_SECURITY_DESCRIPTOR_TYPE\ -> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \0\ -> \ -> \129656\ -> \ -> \FWP_UINT64\ -> \144115600392724416\ -> \ -> \ -> \ -> \{b11b4f8a-222e-49d6-8d69-02728681d8bc}\ -> \ -> \PrivateNetwork Outbound Default Rule\ -> \PrivateNetwork Outbound Default Rule\ -> \ -> \ -> \FWPM_PROVIDER_MPSSVC_WSH\ -> \ -> \f22d000000000000\ -> \.-......\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ -> \FWPM_SUBLAYER_MPSSVC_WSH\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ -> \FWP_MATCH_RANGE\ -> \ -> \FWP_RANGE_TYPE\ -> \ -> \ -> \FWP_UINT32\ -> \172.16.0.0\ -> \ -> \ -> \FWP_UINT32\ -> \172.31.255.255\ -> \ -> \ -> \ -> \ -> \ -> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_CURRENT_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_USER_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> 
\FWP_SECURITY_DESCRIPTOR_TYPE\ -> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \0\ -> \ -> \129657\ -> \ -> \FWP_UINT64\ -> \36029209335832512\ -> \ -\ -\ -> \{21cd82bc-6077-4069-94bf-750e5a43ca23}\ -> \ -> \PrivateNetwork Outbound Default Rule\ -> \PrivateNetwork Outbound Default Rule\ -> \ -> \ -> \FWPM_PROVIDER_MPSSVC_WSH\ -> \ -> \f22d000000000000\ -> \.-......\ -> \ -> \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ -> \FWPM_SUBLAYER_MPSSVC_WSH\ -> \ -> \FWP_EMPTY\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_PACKAGE_ID\ -> \FWP_MATCH_NOT_EQUAL\ -> \ -> \FWP_SID\ -> \S-1-0-0\ -> \ -> \ -> \ -> \FWPM_CONDITION_IP_REMOTE_ADDRESS\ -> \FWP_MATCH_RANGE\ -> \ -> \FWP_RANGE_TYPE\ -> \ -> \ -> \FWP_UINT32\ -> \192.168.0.0\ -> \ -> \ -> \FWP_UINT32\ -> \192.168.255.255\ -> \ -> \ -> \ -> \ -> \ -> \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_CURRENT_PROFILE_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_UINT32\ -> \1\ -> \ -> \ -> \ -> \FWPM_CONDITION_ALE_USER_ID\ -> \FWP_MATCH_EQUAL\ -> \ -> \FWP_SECURITY_DESCRIPTOR_TYPE\ -> \O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)\ -> \ -> \ -> \ -> \ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \0\ -> \ -> \129658\ -> \ -> \FWP_UINT64\ -> \36029209335832512\ -> \ -\ + + {fd65507b-e356-4e2f-966f-0c9f9c1c6e78} + + PrivateNetwork Outbound Default Rule + PrivateNetwork Outbound Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + f22d000000000000 + .-...... 
+ + FWPM_LAYER_ALE_AUTH_CONNECT_V4 + FWPM_SUBLAYER_MPSSVC_WSH + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + FWPM_CONDITION_IP_REMOTE_ADDRESS + FWP_MATCH_EQUAL + + FWP_UINT32 + 1.1.1.1 + + + + FWPM_CONDITION_ORIGINAL_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_CURRENT_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN) + + + + + FWP_ACTION_PERMIT + + + 0 + + 129656 + + FWP_UINT64 + 144115600392724416 + + + + {b11b4f8a-222e-49d6-8d69-02728681d8bc} + + PrivateNetwork Outbound Default Rule + PrivateNetwork Outbound Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + f22d000000000000 + .-...... + + FWPM_LAYER_ALE_AUTH_CONNECT_V4 + FWPM_SUBLAYER_MPSSVC_WSH + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + FWPM_CONDITION_IP_REMOTE_ADDRESS + FWP_MATCH_RANGE + + FWP_RANGE_TYPE + + + FWP_UINT32 + 172.16.0.0 + + + FWP_UINT32 + 172.31.255.255 + + + + + + FWPM_CONDITION_ORIGINAL_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_CURRENT_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN) + + + + + FWP_ACTION_PERMIT + + + 0 + + 129657 + + FWP_UINT64 + 36029209335832512 + + + + {21cd82bc-6077-4069-94bf-750e5a43ca23} + + PrivateNetwork Outbound Default Rule + PrivateNetwork Outbound Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + f22d000000000000 + .-...... 
+ + FWPM_LAYER_ALE_AUTH_CONNECT_V4 + FWPM_SUBLAYER_MPSSVC_WSH + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + FWPM_CONDITION_IP_REMOTE_ADDRESS + FWP_MATCH_RANGE + + FWP_RANGE_TYPE + + + FWP_UINT32 + 192.168.0.0 + + + FWP_UINT32 + 192.168.255.255 + + + + + + FWPM_CONDITION_ORIGINAL_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_CURRENT_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN) + + + + + FWP_ACTION_PERMIT + + + 0 + + 129658 + + FWP_UINT64 + 36029209335832512 + + ``` # Debugging Past Drops 
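Review bot: In the paragraph ahead of the PrivateNetwork Outbound Default Rule filters, the added line "on the device (MDM, Group Policy, etc) and make sure it includes the private targetaddress you wanted to reach." fixes "isnot" on the previous line but leaves "targetaddress" run together; it should read "target address", and "etc" wants its period. The caption "Block Outbound Default Rule Filter \#121180, Wfpdiag-Case-5.xml" at the top of this hunk also keeps the escaped "\#", while the filter captions edited earlier in this patch now use a plain "#".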
@@ -1007,38 +1004,38 @@ wfpstate.xml. Once nettrace.etl is converted, nettrace.txt will have the netEvents of the reproduced event, and wfpstate.xml will contain the filters that were present on the machine at the time. -If you **do not** have a live repro or traces already collected, you can still +If you do not have a live repro or traces already collected, you can still collect traces after the UWP network connectivity issue has happened by running -these commands in an Admin command prompt +these commands in an admin command prompt ```xml -> \ -> Netsh wfp show netevents -> Netsh wfp show state + + Netsh wfp show netevents + Netsh wfp show state ``` -“Netsh wfp show netevents” will generate netevents.xml, which contains the past -net events. “Netsh wfp show state” will generate wfpstate.xml, which contains +**Netsh wfp show netevents** creates netevents.xml, which contains the past +net events. **Netsh wfp show state** creates wfpstate.xml, which contains the current filters present on the machine. Unfortunately, collecting traces after the UWP network connectivity issue is not always reliable. -NetEvents on the machine are stored in a buffer. Once that buffer has reached -max capacity, the buffer will overwrite older net events. Due to the buffer +NetEvents on the device are stored in a buffer. Once that buffer has reached +maximum capacity, the buffer will overwrite older net events. Due to the buffer overwrite, it is possible that the collected netevents.xml will not contain the -net event associated with the UWP network connectivity issue if it was -overwritten. Additionally, filters on the machine can get deleted and re-added -with different filterIds due to miscellaneous events on the machine. Because of -this, a filterId from “netsh wfp show netevents” may not necessarily match any -filter in “netsh wfp show state” because that filterId may be outdated. +net event associated with the UWP network connectivity issue. It could have been ov +overwritten. 
Additionally, filters on the device can get deleted and re-added +with different filterIds due to miscellaneous events on the device. Because of +this, a **filterId** from **netsh wfp show netevents** may not necessarily match any +filter in **netsh wfp show state** because that **filterId** may be outdated. -If you can reproduce the UWP network connectivity issue consistently, we would +If you can reproduce the UWP network connectivity issue consistently, we recommend using the commands from Debugging Live Drops instead. Additionally, you can still follow the examples from Debugging Live Drops section using the trace commands in this section, even if you do not have a live -repro. The netEvents and filters are stored in one file in Debugging Live Drops +repro. The **netEvents** and filters are stored in one file in Debugging Live Drops as opposed to two separate files in the following Debugging Past Drops examples. ## Case 7: Debugging Past Drop - UWP app cannot reach Internet target address and has no capabilities 
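Review bot: In the rewritten NetEvents buffer paragraph of this hunk, the added line ending "It could have been ov" leaves a stray fragment, so the text renders as "It could have been ov overwritten." Drop the "ov" so the sentence reads "It could have been overwritten." In the same hunk the two Netsh commands are still inside a fence tagged xml, and the sentence introducing them ends at "admin command prompt" with no colon; tag the fence as console and end the lead-in with a colon.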
@@ -1048,72 +1045,72 @@ In this example, the UWP app is unable to connect to bing.com. Classify Drop Net Event, NetEvents-Case-7.xml ```xml -\ -\ -\2020-05-04T22:04:07.039Z\ -\ -\FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -\FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -\FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -\FWPM_NET_EVENT_FLAG_APP_ID_SET\ -\FWPM_NET_EVENT_FLAG_USER_ID_SET\ -\FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -\FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -\ -\FWP_IP_VERSION_V4\ -\6\ -\10.195.36.30\ -\204.79.197.200\ -\57062\ -\443\ -\0\ -\ -\5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000\ -\\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -\ -\S-1-5-21-1578316205-4060061518-881547182-1000\ -\FWP_AF_INET\ -\S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -\ -\0\ -\ -\ -\FWPM_NET_EVENT_TYPE_CLASSIFY_DROP\ -\ -\206064\ -\48\ -\0\ -\1\ -\1\ -\MS_FWP_DIRECTION_OUT\ -\false\ -\ -\0\ -\0\ -\ -\ -\ -\0000000000000000\ -\ -\0\ -\ -\ -\ -\206064\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -\FWP_ACTION_BLOCK\ -\ -\ -\206049\ -\FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -\FWP_ACTION_PERMIT\ -\ -\ -\ -\ + +
+2020-05-04T22:04:07.039Z + +FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET +FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET +FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET +FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET +FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET +FWPM_NET_EVENT_FLAG_APP_ID_SET +FWPM_NET_EVENT_FLAG_USER_ID_SET +FWPM_NET_EVENT_FLAG_IP_VERSION_SET +FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + +FWP_IP_VERSION_V4 +6 +10.195.36.30 +204.79.197.200 +57062 +443 +0 + +5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310032002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000 +\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. +.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.2...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + +S-1-5-21-1578316205-4060061518-881547182-1000 +FWP_AF_INET +S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + +0 + +
+FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + +206064 +48 +0 +1 +1 +MS_FWP_DIRECTION_OUT +false + +0 +0 + + + +0000000000000000 + +0 + + + +206064 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH +FWP_ACTION_BLOCK + + +206049 +FWPP_SUBLAYER_INTERNAL_FIREWALL_WF +FWP_ACTION_PERMIT + + + +
``` The Internal fields lists no active capabilities, and the packet is dropped at @@ -1127,45 +1124,45 @@ Security Descriptor doesn’t match. **Block Outbound Default Rule Filter \#206064, FilterState-Case-7.xml** ```xml -\ -\{f138d1ad-9293-478f-8519-c3368e796711}\ -\ -\Block Outbound Default Rule\ -\Block Outbound Default Rule\ -\ -\ -\FWPM_PROVIDER_MPSSVC_WSH\ -\ -\2e65000000000000\ -\.e......\ -\ -\FWPM_LAYER_ALE_AUTH_CONNECT_V4\ -\FWPM_SUBLAYER_MPSSVC_WSH\ -\ -\FWP_EMPTY\ -\ -\ -\ -\FWPM_CONDITION_ALE_PACKAGE_ID\ -\FWP_MATCH_NOT_EQUAL\ -\ -\FWP_SID\ -\S-1-0-0\ -\ -\ -\ -\ -\FWP_ACTION_BLOCK\ -\ -\ -\0\ -\ -\206064\ -\ -\FWP_UINT64\ -\274877906944\ -\ -\ + +{f138d1ad-9293-478f-8519-c3368e796711} + +Block Outbound Default Rule +Block Outbound Default Rule + + +FWPM_PROVIDER_MPSSVC_WSH + +2e65000000000000 +.e...... + +FWPM_LAYER_ALE_AUTH_CONNECT_V4 +FWPM_SUBLAYER_MPSSVC_WSH + +FWP_EMPTY + + + +FWPM_CONDITION_ALE_PACKAGE_ID +FWP_MATCH_NOT_EQUAL + +FWP_SID +S-1-0-0 + + + + +FWP_ACTION_BLOCK + + +0 + +206064 + +FWP_UINT64 +274877906944 + + ``` ## Case 8: Debugging Past Drop - UWP app connects to Internet target address with all capabilities 
@@ -1174,159 +1171,158 @@ In this example, the UWP app successfully connects to bing.com [204.79.197.200]. **Classify Allow Net Event, NetEvents-Case-8.xml** ```xml -\ -> \ -> \2020-05-04T18:49:55.101Z\ -> \ -> \FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET\ -> \FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET\ -> \FWPM_NET_EVENT_FLAG_APP_ID_SET\ -> \FWPM_NET_EVENT_FLAG_USER_ID_SET\ -> \FWPM_NET_EVENT_FLAG_IP_VERSION_SET\ -> \FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET\ -> \ -> \FWP_IP_VERSION_V4\ -> \6\ -> \10.195.36.30\ -> \204.79.197.200\ -> \61673\ -> \443\ -> \0\ -> \ -> \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\ -> \\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. -> .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...\ -> \ -> \S-1-5-21-1578316205-4060061518-881547182-1000\ -> \FWP_AF_INET\ -> \S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936\ -> \ -> \0\ -> \ -> \ -> \FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW\ -> \ -> \208757\ -> \48\ -> \0\ -> \1\ -> \1\ -> \ -> \ -> \ -> \0000000000000000\ -> \ -> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT\ -> \FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER\ -> \FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK\ -> \ -> \0\ -> \ -> \ -> \ -> \208757\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH\ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \206049\ -> \FWPP_SUBLAYER_INTERNAL_FIREWALL_WF\ -> \FWP_ACTION_PERMIT\ -> \ -> \ -> \ -\ + +
+ 2020-05-04T18:49:55.101Z + + FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET + FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET + FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET + FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET + FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET + FWPM_NET_EVENT_FLAG_APP_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_IP_VERSION_SET + FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET + + FWP_IP_VERSION_V4 + 6 + 10.195.36.30 + 204.79.197.200 + 61673 + 443 + 0 + + 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 + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. + .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... + + S-1-5-21-1578316205-4060061518-881547182-1000 + FWP_AF_INET + S-1-15-2-4163697451-3176919390-1155390458-2883473650-3020241727-522149888-4067122936 + + 0 + +
+ FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW + + 208757 + 48 + 0 + 1 + 1 + + + + 0000000000000000 + + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER + FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK + + 0 + + + + 208757 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WSH + FWP_ACTION_PERMIT + + + 206049 + FWPP_SUBLAYER_INTERNAL_FIREWALL_WF + FWP_ACTION_PERMIT + + + +
``` -Important things to note: all capabilities are enabled and the resulting filter -determining the flow of the packet is 208757. +All capabilities are enabled and the resulting filter determining the flow of the packet is 208757. The filter stated above with action permit: **InternetClient Default Rule Filter \#208757, FilterState-Case-8.xml** ```xml -\ - \{e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5}\ - \ - \InternetClient Default Rule\ - \InternetClient Default Rule\ - \ - \ - \FWPM_PROVIDER_MPSSVC_WSH\ - \ - \e167000000000000\ - \.g......\ - \ - \FWPM_LAYER_ALE_AUTH_CONNECT_V4\ - \FWPM_SUBLAYER_MPSSVC_WSH\ - \ - \FWP_EMPTY\ - \ - \ - \ - \FWPM_CONDITION_ALE_PACKAGE_ID\ - \FWP_MATCH_NOT_EQUAL\ - \ - \FWP_SID\ - \S-1-0-0\ - \ - \ - \ - \FWPM_CONDITION_IP_REMOTE_ADDRESS\ - \FWP_MATCH_RANGE\ - \ - \FWP_RANGE_TYPE\ - \ - \ - \FWP_UINT32\ - \0.0.0.0\ - \ - \ - \FWP_UINT32\ - \255.255.255.255\ - \ - \ - \ - \ - \ - \FWPM_CONDITION_ORIGINAL_PROFILE_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_UINT32\ - \1\ - \ - \ - \ - \FWPM_CONDITION_CURRENT_PROFILE_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_UINT32\ - \1\ - \ - \ - \ - \FWPM_CONDITION_ALE_USER_ID\ - \FWP_MATCH_EQUAL\ - \ - \FWP_SECURITY_DESCRIPTOR_TYPE\ - \O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)\ - \ - \ - \ - \ - \FWP_ACTION_PERMIT\ - \ - \ - \0\ - \ - \208757\ - \ - \FWP_UINT64\ - \412316868544\ - \ - \ + + {e0f6f24e-1f0a-4f1a-bdd8-b9277c144fb5} + + InternetClient Default Rule + InternetClient Default Rule + + + FWPM_PROVIDER_MPSSVC_WSH + + e167000000000000 + .g...... 
+ + FWPM_LAYER_ALE_AUTH_CONNECT_V4 + FWPM_SUBLAYER_MPSSVC_WSH + + FWP_EMPTY + + + + FWPM_CONDITION_ALE_PACKAGE_ID + FWP_MATCH_NOT_EQUAL + + FWP_SID + S-1-0-0 + + + + FWPM_CONDITION_IP_REMOTE_ADDRESS + FWP_MATCH_RANGE + + FWP_RANGE_TYPE + + + FWP_UINT32 + 0.0.0.0 + + + FWP_UINT32 + 255.255.255.255 + + + + + + FWPM_CONDITION_ORIGINAL_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_CURRENT_PROFILE_ID + FWP_MATCH_EQUAL + + FWP_UINT32 + 1 + + + + FWPM_CONDITION_ALE_USER_ID + FWP_MATCH_EQUAL + + FWP_SECURITY_DESCRIPTOR_TYPE + O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN) + + + + + FWP_ACTION_PERMIT + + + 0 + + 208757 + + FWP_UINT64 + 412316868544 + + ``` The capabilities field in a netEvent was added to the traces in the Windows 10 -May 2019 Update +May 2019 Update. From 4fc5bf0a7578056c563da078292ac7791fe903f8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 13 Aug 2020 18:19:38 -0700 Subject: [PATCH 23/69] fixing H1s --- .../windows-firewall/troubleshooting-uwp-firewall.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index fd79a67511..1ea6cce448 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md 
@@ -39,9 +39,9 @@ filters ensures network isolation for UWP applications. Specifically, it guarant For more information on the filter arbitration algorithm and network isolation, see [Filter -Arbitration](https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration) +Arbitration](https://docs.microsoft.com/windows/win32/fwp/filter-arbitration) and -[Isolation](https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation). +[Isolation](https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation). The following sections cover debugging case examples for loopback and non-loopback UWP app network connectivity issues. @@ -49,7 +49,7 @@ The following sections cover debugging case examples for loopback and non-loopba > As improvements to debugging and diagnostics in the Windows Filtering Platform are made, the trace examples in this document may not exactly match the traces collected on previous releases of Windows. -# Debugging UWP App Loopback scenarios +## Debugging UWP App Loopback scenarios If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. @@ -68,9 +68,9 @@ You can ensure loopback is enabled by checking the appx manifests of both the se For more information about loopback scenarios, see [Communicating with localhost -(loopback)](https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback) +(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback) -# Debugging Live Drops +## Debugging Live Drops If the issue happened recently, but you find you are not able to reproduce the issue, go to Debugging Past Drops for the appropriate trace commands. 
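Review bot: The context line directly under the demoted "Debugging UWP App Loopback scenarios" heading in the -49,7 hunk still reads "If you need to establis a TCP/IP connection". Since this hunk already touches that section's heading, fix "establis" to "establish" in the same commit.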
@@ -996,7 +996,7 @@ on the device (MDM, Group Policy, etc) and make sure it includes the private tar ``` -# Debugging Past Drops +## Debugging Past Drops If you are debugging a network drop from the past or from a remote machine, you may have traces already collected from Feedback Hub, such as nettrace.etl and From 794846bbb29b6ffba5ff81c394ebd57b0bf6aa87 Mon Sep 17 00:00:00 2001 From: damabe Date: Thu, 13 Aug 2020 18:25:06 -0700 Subject: [PATCH 24/69] Updated short descriptions for SEO improvement --- .../appv-add-or-upgrade-packages-with-the-management-console.md | 2 +- .../app-v/appv-administering-appv-with-powershell.md | 2 +- .../application-management/app-v/appv-available-mdm-settings.md | 2 +- windows/application-management/app-v/appv-capacity-planning.md | 2 +- .../app-v/appv-client-configuration-settings.md | 2 +- ...configure-connection-groups-to-ignore-the-package-version.md | 2 +- .../app-v/appv-connect-to-the-management-console.md | 2 +- .../app-v/appv-connection-group-virtual-environment.md | 2 +- ...v-convert-a-package-created-in-a-previous-version-of-appv.md | 2 +- .../app-v/appv-create-a-connection-group.md | 2 +- .../app-v/appv-create-a-package-accelerator-with-powershell.md | 2 +- .../appv-creating-and-managing-virtualized-applications.md | 2 +- .../app-v/appv-delete-a-connection-group.md | 2 +- .../app-v/appv-delete-a-package-with-the-management-console.md | 2 +- .../app-v/appv-deploy-appv-databases-with-sql-scripts.md | 2 +- ...-packages-with-electronic-software-distribution-solutions.md | 2 +- .../application-management/app-v/appv-deploy-the-appv-server.md | 2 +- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 2 +- .../app-v/appv-deploying-microsoft-office-2013-with-appv.md | 2 +- .../app-v/appv-deploying-the-appv-sequencer-and-client.md | 2 +- .../app-v/appv-deploying-the-appv-server.md | 2 +- .../application-management/app-v/appv-deployment-checklist.md | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) 
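Review bot: For the troubleshooting-uwp-firewall.md change at -996,7, demoting "# Debugging Past Drops" to "##" puts it at the same level as the "## Case 7" and "## Case 8" headings that appear as context under it earlier in this series, so the cases no longer nest beneath their section. The diffstat (6 insertions, 6 deletions) shows the case headings are not touched here; demote them to "###" in this commit, and check whether the case headings under the Loopback and Live Drops sections need the same change.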
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index ce050e817b..c26f77e8e4 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to Add or Upgrade Packages by Using the Management Console (Windows 10) -description: How to add or upgrade packages by using the Management Console +description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index ea02c9ad1f..58a0c8b25d 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -1,6 +1,6 @@ --- title: Administering App-V by using Windows PowerShell (Windows 10) -description: Administering App-V by Using Windows PowerShell +description: Administer App-V by using Windows PowerShell and learn where to find more information about PowerShell for App-V. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 6bb52f7eb3..8c4f4b2b2d 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md 
@@ -1,6 +1,6 @@ --- title: Available Mobile Device Management (MDM) settings for App-V (Windows 10) -description: A list of the available MDM settings for App-V on Windows 10. +description: Learn the available Mobile Device Management (MDM) settings you can use to configure App-V on Windows 10. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 099bcdf1c4..d3c80a88c9 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -1,6 +1,6 @@ --- title: App-V Capacity Planning (Windows 10) -description: App-V Capacity Planning +description: Use these recommendations as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index 693a058d7e..f641b232d6 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md @@ -1,6 +1,6 @@ --- title: About Client Configuration Settings (Windows 10) -description: About Client Configuration Settings +description: Learn about the App-V client configuration settings and how to use Windows PowerShell to modify the client configuration settings. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
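Review bot: In appv-add-or-upgrade-packages-with-the-management-console.md, the new description ("Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console.") does not match the title, "How to Add or Upgrade Packages by Using the Management Console". It describes administrator management, not packages. Replace it with a description of adding or upgrading packages so the search snippet matches the article.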
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index ae887fc389..52632f558e 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -1,6 +1,6 @@ --- title: How to make a connection group ignore the package version (Windows 10) -description: How to make a connection group ignore the package version. +description: Learn how to make a connection group ignore the package version with the App-V Server Management Console. author: dansimp ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index f878e5f7a4..009019e015 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to connect to the Management Console (Windows 10) -description: How to Connect to the App-V Management Console. +description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index ed2d425dc4..a16ae77ec8 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md 
@@ -1,6 +1,6 @@ --- title: About the connection group virtual environment (Windows 10) -description: Overview of how the connection group virtual environment works. +description: Learn how the connection group virtual environment works and how package priority is determined. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md index 794615f010..60c1c72c77 100644 --- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md +++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md @@ -1,6 +1,6 @@ --- title: How to convert a package created in a previous version of App-V (Windows 10) -description: How to convert a package created in a previous version of App-V. +description: Use the package converter utility to convert a virtual application package created in a previous version of App-V. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md index 9f08b25b41..829708fe4f 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group.md +++ b/windows/application-management/app-v/appv-create-a-connection-group.md @@ -1,6 +1,6 @@ --- title: How to create a connection group (Windows 10) -description: How to create a connection group with the App-V Management Console. +description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index fb72cbc762..600df5f713 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -1,6 +1,6 @@ --- title: How to create a package accelerator by using Windows PowerShell (Windows 10) -description: How to create a package accelerator with Windows PowerShell. +description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index 29d79221c5..b7ee707a61 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md @@ -1,6 +1,6 @@ --- title: Creating and managing App-V virtualized applications (Windows 10) -description: Creating and managing App-V virtualized applications +description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md index 9747e3066d..20c62b4398 100644 --- a/windows/application-management/app-v/appv-delete-a-connection-group.md 
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md @@ -1,6 +1,6 @@ --- title: How to delete a connection group (Windows 10) -description: How to delete a connection group. +description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md index 3b5027c30b..16a77e0287 100644 --- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to delete a package in the Management Console (Windows 10) -description: How to delete a package in the Management Console. +description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md index e866c21b92..4717b5e4ef 100644 --- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md +++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md 
@@ -1,6 +1,6 @@ --- title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10) -description: These instructions can be used to deploy App-V databases by using SQL scripts. +description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md index 0c013faf96..3c47fd5076 100644 --- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -1,6 +1,6 @@ --- title: How to deploy App-V packages using electronic software distribution (Windows 10) -description: How to deploy App-V packages using electronic software distribution. +description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index 837d0e6a32..9284a9bfc6 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md 
@@ -1,6 +1,6 @@ --- title: How to Deploy the App-V Server (Windows 10) -description: Use these instructions to deploy the App-V Server in App-V for Windows 10. +description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index b125e5282e..736d772dfc 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -1,6 +1,6 @@ --- title: Deploying Microsoft Office 2010 by Using App-V (Windows 10) -description: See the methods for creating Microsoft Office 2010 packages by Using App-V. +description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 4379625ee0..fee5c296a1 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -1,6 +1,6 @@ --- title: Deploying Microsoft Office 2013 by Using App-V (Windows 10) -description: Deploying Microsoft Office 2013 by Using App-V +description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
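Review bot: In appv-create-a-package-accelerator-with-powershell.md, the new description writes "App-v Package Accelerator" in its first sentence and "App-V Package Accelerators" in the second. Use "App-V" in both.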
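Review bot: In appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md, the new description is missing a word: "Learn how use an electronic software distribution (ESD) system" should read "Learn how to use an electronic software distribution (ESD) system".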
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 4edf732dd1..8cb954168b 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -1,6 +1,6 @@ --- title: Deploying the App-V Sequencer and configuring the client (Windows 10) -description: Deploying the App-V Sequencer and configuring the client +description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md index 576764fb91..97f97275be 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md @@ -1,6 +1,6 @@ --- title: Deploying the App-V Server (Windows 10) -description: Deploying the App-V Server in App-V for Windows 10 +description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index bb97e27472..d09d0141d8 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md 
@@ -1,6 +1,6 @@ --- title: App-V Deployment Checklist (Windows 10) -description: App-V Deployment Checklist +description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy From 696dcf891379d27e8ade3a325968a40984d3fcb2 Mon Sep 17 00:00:00 2001 From: damabe Date: Thu, 13 Aug 2020 19:25:10 -0700 Subject: [PATCH 25/69] Updated short descriptions for SEO improvement --- .../application-management/app-v/appv-dynamic-configuration.md | 2 +- ...-packages-with-electronic-software-distribution-solutions.md | 2 +- .../app-v/appv-enable-the-app-v-desktop-client.md | 2 +- windows/application-management/app-v/appv-getting-started.md | 2 +- .../app-v/appv-high-level-architecture.md | 2 +- .../app-v/appv-managing-connection-groups.md | 2 +- .../app-v/appv-migrating-to-appv-from-a-previous-version.md | 2 +- .../appv-modify-an-existing-virtual-application-package.md | 2 +- .../app-v/appv-modify-client-configuration-with-powershell.md | 2 +- .../app-v/appv-move-the-appv-server-to-another-computer.md | 2 +- windows/application-management/app-v/appv-operations.md | 2 +- .../application-management/app-v/appv-performance-guidance.md | 2 +- windows/application-management/app-v/appv-planning-checklist.md | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 13a82055b6..196cb62ece 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md 
@@ -1,6 +1,6 @@ --- title: About App-V Dynamic Configuration (Windows 10) -description: About App-V Dynamic Configuration +description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index 656f0264ce..601bfd8297 100644 --- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -1,6 +1,6 @@ --- title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10) -description: How to Enable Only Administrators to Publish Packages by Using an ESD +description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD). author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index d9644226fb..c7985565d4 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md 
@@ -1,6 +1,6 @@ --- title: Enable the App-V in-box client (Windows 10) -description: How to enable the App-V in-box client installed with Windows 10. +description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 2e1556cb8a..03f116312a 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -1,6 +1,6 @@ --- title: Getting Started with App-V (Windows 10) -description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. +description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md index ab25607096..941e4f58e7 100644 --- a/windows/application-management/app-v/appv-high-level-architecture.md +++ b/windows/application-management/app-v/appv-high-level-architecture.md @@ -1,6 +1,6 @@ --- title: High-level architecture for App-V (Windows 10) -description: High-level Architecture for App-V. +description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md index 5a94cbc421..9b5aa14320 100644 
--- a/windows/application-management/app-v/appv-managing-connection-groups.md +++ b/windows/application-management/app-v/appv-managing-connection-groups.md @@ -1,6 +1,6 @@ --- title: Managing Connection Groups (Windows 10) -description: Managing Connection Groups +description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md index dff030f470..a3600bfa4c 100644 --- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md @@ -1,6 +1,6 @@ --- title: Migrating to App-V from a Previous Version (Windows 10) -description: Migrating to App-V for Windows 10 from a previous version +description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index e2cb4eca48..c065c9a2a5 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md 
@@ -1,6 +1,6 @@ --- title: How to Modify an Existing Virtual Application Package (Windows 10) -description: How to Modify an Existing Virtual Application Package +description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index 7fe2f3896f..816015f740 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -1,6 +1,6 @@ --- title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10) -description: How to Modify Client Configuration by Using Windows PowerShell +description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md index 5305207fe6..e34dd4f7dc 100644 --- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md +++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md @@ -1,6 +1,6 @@ --- title: How to Move the App-V Server to Another Computer (Windows 10) -description: How to Move the App-V Server to Another Computer +description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index c45c9ab9cf..b68da536ab 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -1,6 +1,6 @@ --- title: Operations for App-V (Windows 10) -description: Operations for App-V +description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 65ccf02292..ea4f11a42b 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -1,6 +1,6 @@ --- title: Performance Guidance for Application Virtualization (Windows 10) -description: Performance Guidance for Application Virtualization +description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index edaf668a89..4c098ba090 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -1,6 +1,6 @@ --- title: App-V Planning Checklist (Windows 10) -description: App-V Planning Checklist +description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
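Review bot: The new description in appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md contains a typo, "by bsing an electronic software delivery (ESD)", which should read "by using". The file name expands ESD as "electronic software distribution" while the new description says "electronic software delivery"; pick one expansion and use it consistently before this merges.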
From 802a6f0b4f8c9e633b4bcdae32cc59ee9edce00c Mon Sep 17 00:00:00 2001 From: damabe Date: Thu, 13 Aug 2020 19:42:54 -0700 Subject: [PATCH 26/69] Updated short descriptions for SEO improvement --- .../app-v/appv-planning-folder-redirection-with-appv.md | 2 +- .../app-v/appv-planning-for-appv-server-deployment.md | 2 +- .../application-management/app-v/appv-planning-for-appv.md | 2 +- .../app-v/appv-planning-for-high-availability-with-appv.md | 4 ++-- .../app-v/appv-planning-for-using-appv-with-office.md | 2 +- .../app-v/appv-planning-to-deploy-appv.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index c9c570009a..2a6724419a 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -1,6 +1,6 @@ --- title: Planning to Use Folder Redirection with App-V (Windows 10) -description: Planning to Use Folder Redirection with App-V +description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md index eaf7729f22..8aa07c226e 100644 --- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md 
@@ -1,6 +1,6 @@ --- title: Planning for the App-V Server Deployment (Windows 10) -description: Planning for the App-V 5.1 Server Deployment +description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index d54d848a2c..0ebf3ccaf3 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -1,6 +1,6 @@ --- title: Planning for App-V (Windows 10) -description: Planning for App-V +description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index af66e545e4..29d772054e 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -1,6 +1,6 @@ --- title: Planning for High Availability with App-V Server -description: Planning for High Availability with App-V Server +description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -18,7 +18,7 @@ ms.topic: article Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level. -The following sections will he following sections to help you understand the options to deploy App-V in a highly available configuration. +The following sections will help you understand the options to deploy App-V in a highly available configuration. ## Support for Microsoft SQL Server clustering diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index da919b1dbf..91ade82d46 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md @@ -1,6 +1,6 @@ --- title: Planning for Deploying App-V with Office (Windows 10) -description: Planning for Using App-V with Office +description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V). author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index ee9e0b73a9..be621c72e2 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md @@ -1,6 +1,6 @@ --- title: Planning to Deploy App-V (Windows 10) -description: Planning to Deploy App-V +description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy From b9face3c3c360e0b06b534c8c5222c649a39d791 Mon Sep 17 00:00:00 2001 
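Review bot: In appv-planning-for-high-availability-with-appv.md the second hunk repairs the "The following sections will he following sections" sentence but leaves the unchanged line directly above it reading "maintain a high available service level". Since the hunk already touches this paragraph, consider changing that to "highly available" so it matches the corrected sentence, which uses "highly available configuration".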
From: damabe Date: Thu, 13 Aug 2020 20:35:06 -0700 Subject: [PATCH 27/69] Updated short descriptions for SEO improvement --- windows/application-management/app-v/appv-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md index bc458a3f94..652eabd063 100644 --- a/windows/application-management/app-v/appv-prerequisites.md +++ b/windows/application-management/app-v/appv-prerequisites.md @@ -1,6 +1,6 @@ --- title: App-V Prerequisites (Windows 10) -description: App-V Prerequisites +description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V). author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy From b6c526522ba5d6c97b69cb7007f8e8b585090524 Mon Sep 17 00:00:00 2001 
From: damabe Date: Thu, 13 Aug 2020 22:14:29 -0700 Subject: [PATCH 28/69] Updated short descriptions for SEO improvement --- .../app-v/appv-publish-a-connection-group.md | 2 +- windows/application-management/app-v/appv-reporting.md | 2 +- .../app-v/appv-security-considerations.md | 2 +- .../app-v/appv-sequence-a-new-application.md | 2 +- .../app-v/appv-sequence-a-package-with-powershell.md | 2 +- .../application-management/app-v/appv-technical-reference.md | 2 +- windows/application-management/app-v/appv-troubleshooting.md | 2 +- ...ing-to-app-v-for-windows-10-from-an-existing-installation.md | 2 +- .../app-v/appv-using-the-client-management-console.md | 2 +- .../app-v/appv-viewing-appv-server-publishing-metadata.md | 2 +- windows/application-management/index.md | 2 +- windows/application-management/manage-windows-mixed-reality.md | 1 + windows/application-management/msix-app-packaging-tool.md | 2 +- windows/application-management/sideload-apps-in-windows-10.md | 2 +- .../client-management/advanced-troubleshooting-boot-problems.md | 2 +- .../advanced-troubleshooting-wireless-network-connectivity.md | 2 +- .../client-management/change-history-for-client-management.md | 2 +- .../client-management/generate-kernel-or-complete-crash-dump.md | 2 +- windows/client-management/img-boot-sequence.md | 2 +- windows/client-management/introduction-page-file.md | 2 +- 20 files changed, 20 insertions(+), 19 deletions(-) diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index 41d35e29a0..e48f4c43c6 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md 
@@ -1,6 +1,6 @@ --- title: How to Publish a Connection Group (Windows 10) -description: How to Publish a Connection Group +description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 57a4526ecf..41c995543f 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -1,6 +1,6 @@ --- title: About App-V Reporting (Windows 10) -description: About App-V Reporting +description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index ab6c1c4c32..d2dd484a97 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -1,6 +1,6 @@ --- title: App-V Security Considerations (Windows 10) -description: App-V Security Considerations +description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V). author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index c3e16261db..2eb919d9b5 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md 
@@ -1,6 +1,6 @@ --- title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) -description: How to manually sequence a new app using the App-V Sequencer +description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md index 349ead11a5..2a353b9121 100644 --- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md +++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md @@ -1,6 +1,6 @@ --- title: How to sequence a package by using Windows PowerShell (Windows 10) -description: How to sequence a package by using Windows PowerShell +description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index e0f6e0f48d..8cd6653c77 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -1,6 +1,6 @@ --- title: Technical Reference for App-V (Windows 10) -description: Technical Reference for App-V +description: Learn strategy and context for a number of performance optimization practices in this techincal reference for Application Virtualization (App-V). author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
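Review bot: The new description in appv-technical-reference.md misspells "technical" as "techincal" ("in this techincal reference for Application Virtualization (App-V)"). Because this text is surfaced as the page's search snippet, the typo should be corrected before merge.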
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md index fd794d1044..29240949b5 100644 --- a/windows/application-management/app-v/appv-troubleshooting.md +++ b/windows/application-management/app-v/appv-troubleshooting.md @@ -1,6 +1,6 @@ --- title: Troubleshooting App-V (Windows 10) -description: Troubleshooting App-V +description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V topics. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index 4aedf60d24..8660d86846 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -1,6 +1,6 @@ --- title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10) -description: Upgrading to App-V for Windows 10 from an existing installation +description: Learn about upgrading to Application Virtualization (App-V) for Windows 10 from an existing installation. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index b6691c2fc5..7dc0a15d0a 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md 
@@ -1,6 +1,6 @@ --- title: Using the App-V Client Management Console (Windows 10) -description: Using the App-V Client Management Console +description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md index eac57684c6..acbd96ca6e 100644 --- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md +++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md @@ -1,6 +1,6 @@ --- title: Viewing App-V Server Publishing Metadata (Windows 10) -description: Viewing App-V Server Publishing Metadata +description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues. author: lomayor ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy diff --git a/windows/application-management/index.md b/windows/application-management/index.md index fef303c216..f9a00fdc84 100644 --- a/windows/application-management/index.md +++ b/windows/application-management/index.md @@ -1,6 +1,6 @@ --- title: Windows 10 application management -description: Windows 10 application management +description: Learn about managing applications in Windows 10 and Windows 10 Mobile clients, including how to remove background task resource restrictions. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 082fa016f4..ec589a2391 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md 
@@ -1,5 +1,6 @@ --- title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10) +description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises. ms.reviewer: manager: dansimp description: Learn how to enable or block Windows Mixed Reality apps. diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md index 91ef9b0c48..b1c60124ea 100644 --- a/windows/application-management/msix-app-packaging-tool.md +++ b/windows/application-management/msix-app-packaging-tool.md @@ -1,6 +1,6 @@ --- title: Repackage your existing win32 applications to the MSIX format. -description: Learn how to install and use the MSIX packaging tool. +description: Learn how to install and use the MSIX packaging tool to repackage your existing win32 applications to the MSIX format. keywords: ["MSIX", "application", "app", "win32", "packaging tool"] ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 2dc4591d51..7305ea48e2 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -1,6 +1,6 @@ --- title: Sideload LOB apps in Windows 10 (Windows 10) -description: Sideload line-of-business apps in Windows 10. +description: Learn how to sideload line-of-business (LOB) apps in Windows 10. When you sideload an app, you deploy a signed app package to a device. ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D ms.reviewer: manager: dansimp diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 5986263a1e..d236ee54f8 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md 
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -1,6 +1,6 @@ --- title: Advanced troubleshooting for Windows boot problems -description: Learn how to troubleshoot when Windows is unable to boot +description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals. ms.prod: w10 ms.sitesec: library author: dansimp diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index c04dae805a..ce50bd2b54 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -2,7 +2,7 @@ title: Advanced Troubleshooting Wireless Network Connectivity ms.reviewer: manager: dansimp -description: Learn how troubleshooting of establishing Wi-Fi connections +description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi ms.prod: w10 ms.mktglfcycl: diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index fa3febbd0f..3c7c213761 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -1,6 +1,6 @@ --- title: Change history for Client management (Windows 10) -description: View changes to documentation for client management in Windows 10. +description: Learn about new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile. keywords: ms.prod: w10 ms.mktglfcycl: manage 
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md index 52a10357c5..835007dc33 100644 --- a/windows/client-management/generate-kernel-or-complete-crash-dump.md +++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md @@ -1,6 +1,6 @@ --- title: Generate a kernel or complete crash dump -description: Learn how to generate a kernel or complete crash dump. +description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md index dbcd186131..b1077e5be6 100644 --- a/windows/client-management/img-boot-sequence.md +++ b/windows/client-management/img-boot-sequence.md @@ -1,6 +1,6 @@ --- title: Boot sequence flowchart -description: A full-sized view of the boot sequence flowchart. +description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article. ms.date: 11/16/2018 ms.reviewer: manager: dansimp diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index 2f12bd900f..b1964db01a 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -1,6 +1,6 @@ --- title: Introduction to the page file -description: Learn about the page files in Windows. +description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting From 4dfc8e526f0239f5c097cdf5f5b41f2ee00c2a62 Mon Sep 17 00:00:00 2001 
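Review bot: The manage-windows-mixed-reality.md hunk (@@ -1,5 +1,6 @@) adds a new "description:" line under the title but leaves the existing "description: Learn how to enable or block Windows Mixed Reality apps." in place, so the front matter ends up with two description keys. The diffstat for this file shows one insertion and no deletion, which confirms the old line was not removed. Delete the old line or replace it in place so only one description remains; with duplicate keys, which value is published depends on the parser.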
From: damabe Date: Thu, 13 Aug 2020 23:38:02 -0700 Subject: [PATCH 29/69] Updated short descriptions for SEO improvement --- .../client-management/manage-settings-app-with-group-policy.md | 2 +- windows/client-management/mdm/accounts-ddf-file.md | 2 +- windows/client-management/mdm/activesync-csp.md | 2 +- windows/client-management/mdm/activesync-ddf-file.md | 2 +- windows/client-management/mdm/alljoynmanagement-ddf.md | 2 +- windows/client-management/mdm/application-csp.md | 2 +- windows/client-management/mdm/applocker-csp.md | 2 +- windows/client-management/mdm/applocker-ddf-file.md | 2 +- windows/client-management/mdm/applocker-xsd.md | 2 +- windows/client-management/mdm/assignedaccess-ddf.md | 2 +- windows/client-management/mdm/bitlocker-csp.md | 2 +- windows/client-management/mdm/bitlocker-ddf-file.md | 2 +- windows/client-management/mdm/bootstrap-csp.md | 2 +- windows/client-management/mdm/browserfavorite-csp.md | 2 +- windows/client-management/mdm/cellularsettings-csp.md | 2 +- .../client-management/mdm/certificate-renewal-windows-mdm.md | 2 +- .../client-management/mdm/clientcertificateinstall-ddf-file.md | 2 +- windows/client-management/mdm/cm-cellularentries-csp.md | 2 +- windows/client-management/mdm/cmpolicyenterprise-csp.md | 2 +- windows/client-management/mdm/cmpolicyenterprise-ddf-file.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 97ea145013..dc31960057 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md 
@@ -1,6 +1,6 @@ --- title: Manage the Settings app with Group Policy (Windows 10) -description: Find out how to manage the Settings app with Group Policy. +description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index c4a1538d53..c1b570d222 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -1,6 +1,6 @@ --- title: Accounts DDF file -description: XML file containing the device description framework for the Accounts configuration service provider. +description: XML file containing the device description framework (DDF) for the Accounts configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index e2f9441b9c..37f6157570 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -1,6 +1,6 @@ --- title: ActiveSync CSP -description: ActiveSync CSP +description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. ms.assetid: c65093ef-bd36-4f32-9dab-edb7bcfb3188 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index 6e4c1c5000..1b1ae61c78 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md 
@@ -1,6 +1,6 @@ --- title: ActiveSync DDF file -description: ActiveSync DDF file +description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider. ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index 2c8cfbc647..4ad36bbd99 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -1,6 +1,6 @@ --- title: AllJoynManagement DDF -description: Learn the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider. +description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider. ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index d4fe92e943..69a0b61ca3 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -1,6 +1,6 @@ --- title: APPLICATION configuration service provider -description: APPLICATION configuration service provider +description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning. ms.assetid: 0705b5e9-a1e7-4d70-a73d-7f758ffd8099 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 4fe03939a0..cfe9b24bd5 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md 
@@ -1,6 +1,6 @@ --- title: AppLocker CSP -description: AppLocker CSP +description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed. ms.assetid: 32FEA2C9-3CAD-40C9-8E4F-E3C69637580F ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index ffd93b2784..4ea2ef6556 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -1,6 +1,6 @@ --- title: AppLocker DDF file -description: See the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider. +description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider. ms.assetid: 79E199E0-5454-413A-A57A-B536BDA22496 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index d07e9eea71..3e03f501a8 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -1,6 +1,6 @@ --- title: AppLocker XSD -description: Here's the XSD for the AppLocker CSP. +description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized. ms.assetid: 70CF48DD-AD7D-4BCF-854F-A41BFD95F876 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index c4844e943d..703958aa0e 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md 
@@ -1,6 +1,6 @@ --- title: AssignedAccess DDF -description: AssignedAccess DDF +description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider. ms.assetid: 224FADDB-0EFD-4E5A-AE20-1BD4ABE24306 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index b84c02e4e8..07f3aa7f0f 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -1,6 +1,6 @@ --- title: BitLocker CSP -description: BitLocker CSP +description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index edf7ea7a4b..693a48b687 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -1,6 +1,6 @@ --- title: BitLocker DDF file -description: BitLocker DDF file +description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md index 00e4fe59b5..2381889266 100644 --- a/windows/client-management/mdm/bootstrap-csp.md +++ b/windows/client-management/mdm/bootstrap-csp.md @@ -1,6 +1,6 @@ --- title: BOOTSTRAP CSP -description: Use the BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device. +description: Use the BOOTSTRAP configuration service provider to set the Trusted Provisioning Server (TPS) for the device. ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0 ms.reviewer: manager: dansimp 
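Review bot: The new description in assignedaccess-ddf.md is not a complete sentence: "Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider." has no verb after "Learn how". The other DDF descriptions in this patch use "Learn about the OMA DM device description framework (DDF) for the ... configuration service provider."; use the same wording here.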
diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index 9e1c5633df..908672c4ef 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md @@ -1,6 +1,6 @@ --- title: BrowserFavorite CSP -description: BrowserFavorite CSP +description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device. ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index edb5e3bdfa..953ddf78ae 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -1,6 +1,6 @@ --- title: CellularSettings CSP -description: CellularSettings CSP +description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device. ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md index f6b0b2998b..0db0669275 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md @@ -1,6 +1,6 @@ --- title: Certificate Renewal -description: Find all the resources needed to provide continuous access to client certificates. +description: Learn how to find all the resources that you need to provide continuous access to client certificates. MS-HAID: - 'p\_phdevicemgmt.certificate\_renewal' - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm' 
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 8601f82b20..ed787a3b0f 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -1,6 +1,6 @@ --- title: ClientCertificateInstall DDF file -description: ClientCertificateInstall DDF file +description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider. ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 02f2910d16..5063181c3f 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -1,6 +1,6 @@ --- title: CM\_CellularEntries CSP -description: Configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP. +description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP. ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 08d0040594..df773dcb43 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -1,6 +1,6 @@ --- title: CMPolicyEnterprise CSP -description: CMPolicyEnterprise CSP +description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request. ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index 1eb4a02627..5c1c136c23 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -1,6 +1,6 @@ --- title: CMPolicyEnterprise DDF file -description: CMPolicyEnterprise DDF file +description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider. ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED ms.reviewer: manager: dansimp From ee0509798aa1fd5162d5f1967ff8503fe3515d6f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 14 Aug 2020 12:32:45 -0700 Subject: [PATCH 30/69] update toc add back topics --- .../threat-protection/windows-firewall/TOC.md | 104 ++++++++++++------ .../firewall-policy-design-example.md | 4 +- ...wall-with-advanced-security-design-plan.md | 2 +- ...with-advanced-security-deployment-guide.md | 12 +- ...windows-firewall-with-advanced-security.md | 19 ++-- 5 files changed, 84 insertions(+), 57 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 7861f11250..038232e7da 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md 
@@ -1,38 +1,51 @@ # [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) -## [Plan/Design]() +## [Plan deployment]() -### [Design Guide](windows-firewall-with-advanced-security-design-guide.md) +### [Design guide](windows-firewall-with-advanced-security-design-guide.md) -### [Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) +### [Design process](understanding-the-windows-firewall-with-advanced-security-design-process.md) -### [Deployment Goals]() -#### [Identify deployment goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) +### [Implementation goals]() +#### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) #### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) #### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) #### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md) #### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md) -### [Deployment designs]() -#### [Mapping Goals to a Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) -#### [Basic Design](basic-firewall-policy-design.md) -#### [Domain Isolation Design](domain-isolation-policy-design.md) -#### [Server Isolation Design](server-isolation-policy-design.md) -#### [Certificate-based Isolation Design](certificate-based-isolation-policy-design.md) +### [Implementation designs]() +#### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) -### [Design plans]() -#### [Planning Your Design](planning-your-windows-firewall-with-advanced-security-design.md) -#### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) -##### [Planning Domain Isolation Zones]() -###### 
[Domain Isolation Zones](planning-domain-isolation-zones.md) -###### [Exemption List](exemption-list.md) -###### [Isolated Domain](isolated-domain.md) -###### [Boundary Zone](boundary-zone.md) -###### [Encryption Zone](encryption-zone.md) +#### [Basic design](basic-firewall-policy-design.md) +##### [Basic Design Example](firewall-policy-design-example.md) -#### [Planning Server Isolation Zones](planning-server-isolation-zones.md) -#### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) +#### [Domain isolation design](domain-isolation-policy-design.md) +##### [Domain Isolation Design Example](domain-isolation-policy-design-example.md) + + +#### [Server isolation design](server-isolation-policy-design.md) +##### [Server Isolation Design Example](server-isolation-policy-design-example.md) + + +#### [Certificate-based isolation design](certificate-based-isolation-policy-design.md) +##### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md) + +### [Design planning]() +#### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md) + +#### [Planning settings for a basic firewall policy](planning-settings-for-a-basic-firewall-policy.md) + +#### [Planning domain isolation zones]() +##### [Domain isolation zones](planning-domain-isolation-zones.md) +##### [Exemption list](exemption-list.md) +##### [Isolated domain](isolated-domain.md) +##### [Boundary zone](boundary-zone.md) +##### [Encryption zone](encryption-zone.md) + +#### [Planning server isolation zones](planning-server-isolation-zones.md) + +#### [Planning certificate-based authentication](planning-certificate-based-authentication.md) ##### [Documenting the Zones](documenting-the-zones.md) ##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) 
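Review bot: Capitalization in the renamed entries is mixed: "+#### [Basic design]" is immediately followed by "+##### [Basic Design Example]", and the same sentence-case parent with title-case child pattern repeats for the domain isolation, server isolation and certificate-based entries, while unchanged goal entries such as "Protect Devices from Unwanted Network Traffic" stay in title case. Pick one style for the whole section. The hunk also adds runs of two blank lines between groups where one is enough.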
@@ -54,9 +67,31 @@ ###### [Planning GPO Deployment](planning-gpo-deployment.md) +### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) + + ## [Deployment guide]() -### [Planning to Deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) -### [Implementing Your Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) +### [Deployment overview](windows-firewall-with-advanced-security-deployment-guide.md) + +### [Implementing your plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) + +### [Basic firewall deployment]() +#### [Checklist: Implementing a basic firewall policy design](checklist-implementing-a-basic-firewall-policy-design.md) + + + +### [Domain isolation deployment]() +#### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) + + + +### [Server isolation deployment]() +#### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) + + + +### [Certificate-based authentication]() +#### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) 
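Review bot: The last of the four new deployment groups is named "Certificate-based authentication" while its siblings are "Basic firewall deployment", "Domain isolation deployment" and "Server isolation deployment", and the checklist under it is for a certificate-based isolation policy design; "Certificate-based isolation deployment" would match. Only the first checklist entry was changed to sentence case ("Implementing a basic firewall policy design"); the other three keep title case.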
@@ -109,20 +144,19 @@ ## [References]() ### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md) -### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md) -### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) ### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md) ### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md) -### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) -#### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md) -#### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md) -#### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md) -#### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md) -### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) -#### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) -#### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) +### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) + + +### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md) +### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md) +### [Checklist: Configuring Rules for the 
Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md) +### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md) + +### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) +### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) -### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) ### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index 5127569bc4..ef30c1a5cd 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Firewall Policy Design Example (Windows 10) +title: Basic Firewall Policy Design Example (Windows 10) description: Firewall Policy Design Example ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 ms.reviewer: @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 08/17/2017 --- -# Firewall Policy Design Example +# Basic Firewall Policy Design Example **Applies to** - Windows 10 diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index c56fd15494..841c88ae5d 100644 
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -48,7 +48,7 @@ Use the following parent checklists in this section of the guide to become famil - [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) -- [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) +- [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md) - [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index d91723c3d2..dbfd48ddf6 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -1,6 +1,6 @@ --- -title: Deploy Windows Defender Firewall with Advanced Security (Windows 10) -description: Windows Defender Firewall with Advanced Security Deployment Guide +title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10) +description: Windows Defender Firewall with Advanced Security deployment overview ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 ms.reviewer: ms.author: dansimp 
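Review bot: The new description in windows-firewall-with-advanced-security-deployment-guide.md is word for word the new title ("Windows Defender Firewall with Advanced Security deployment overview"), so it tells a reader nothing the title does not; write a sentence that says what the page covers. firewall-policy-design-example.md has a related gap earlier in this patch: the title and H1 gain "Basic" but the description line is left as "Firewall Policy Design Example".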
@@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 08/17/2017 --- -# Windows Defender Firewall with Advanced Security Deployment Guide +# Windows Defender Firewall with Advanced Security deployment overview **Applies to** - Windows 10 
@@ -61,10 +61,4 @@ This guide does not provide: - Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication. -## Overview of Windows Defender Firewall with Advanced Security - -Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user. - -The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. - For more information about Windows Defender Firewall with Advanced Security, see [Windows Defender Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md). 
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index 3261e0545f..37d4d64de1 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md 
@@ -25,10 +25,17 @@ ms.custom: asr This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. +## Overview of Windows Defender Firewall with Advanced Security + +Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user. + +The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. + + + ## Feature description -Windows Defender Firewall with Advanced Security -is an important part of a layered security model. 
By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. +Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. ## Practical applications 
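Review bot: The overview paragraph moved into windows-firewall-with-advanced-security.md lists Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 and Windows Server 2008 R2 but not Windows 10, although the related pages touched in this patch are titled "(Windows 10)"; update the list as part of the move. The new "Overview of Windows Defender Firewall with Advanced Security" heading also sits directly under an intro that already says "This is an overview of ...", and it is followed by three added blank lines before "## Feature description".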
@@ -41,12 +48,4 @@ To help address your organizational network security challenges, Windows Defende - **Extends the value of existing investments.**  Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). -## In this section -| Topic | Description -| - | - | -| [Isolating Microsoft Store Apps on Your Network](isolating-apps-on-your-network.md) | You can customize your Windows Defender Firewall configuration to isolate the network access of Microsoft Store apps that run on devices. | -| [Securing End-to-End IPsec Connections by Using IKEv2](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. | -| [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) | Learn more about using Windows PowerShell to manage the Windows Defender Firewall. | -| [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) | Learn how to create a design for deploying Windows Defender Firewall with Advanced Security. | -| [Windows Defender Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) | Learn how to deploy Windows Defender Firewall with Advanced Security. | From 110213ea267937f0ee3c91008021d880f7a9123e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 14 Aug 2020 12:59:10 -0700 Subject: [PATCH 31/69] add troubleshooting topic --- windows/security/threat-protection/windows-firewall/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 038232e7da..874e91f06d 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -163,7 +163,7 @@ ## [Troubleshooting]() - +### [Troubleshooting UWP App Connectivity Issues in Windows Firewall](troubleshooting-uwp-firewall.md) From 774963624d0ed22ce68bc332e8615c39ec7705c3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 14 Aug 2020 13:28:18 -0700 Subject: [PATCH 32/69] cleannnnnnn up --- .../threat-protection/windows-firewall/TOC.md | 98 +++++++++---------- ...with-advanced-security-deployment-goals.md | 17 ++-- ...t-devices-from-unwanted-network-traffic.md | 4 +- ...restrict-access-to-only-trusted-devices.md | 6 +- ...all-with-advanced-security-design-guide.md | 7 +- 5 files changed, 65 insertions(+), 67 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 874e91f06d..e8109bbb5d 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md 
@@ -48,23 +48,23 @@ #### [Planning certificate-based authentication](planning-certificate-based-authentication.md) ##### [Documenting the Zones](documenting-the-zones.md) -##### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) -###### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md) -###### [Planning Network Access Groups](planning-network-access-groups.md) +##### [Planning group policy deployment for your isolation zones](planning-group-policy-deployment-for-your-isolation-zones.md) +###### [Planning isolation groups for the zones](planning-isolation-groups-for-the-zones.md) +###### [Planning network access groups](planning-network-access-groups.md) ###### [Planning the GPOs](planning-the-gpos.md) ####### [Firewall GPOs](firewall-gpos.md) ######## [GPO_DOMISO_Firewall](gpo-domiso-firewall.md) -####### [Isolated Domain GPOs](isolated-domain-gpos.md) +####### [Isolated domain GPOs](isolated-domain-gpos.md) ######## [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md) ######## [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md) -####### [Boundary Zone GPOs](boundary-zone-gpos.md) +####### [Boundary zone GPOs](boundary-zone-gpos.md) ######## [GPO_DOMISO_Boundary](gpo-domiso-boundary.md) -####### [Encryption Zone GPOs](encryption-zone-gpos.md) +####### [Encryption zone GPOs](encryption-zone-gpos.md) ######## [GPO_DOMISO_Encryption](gpo-domiso-encryption.md) -####### [Server Isolation GPOs](server-isolation-gpos.md) +####### [Server isolation GPOs](server-isolation-gpos.md) -###### [Planning GPO Deployment](planning-gpo-deployment.md) +###### [Planning GPO deployment](planning-gpo-deployment.md) ### [Planning to deploy](planning-to-deploy-windows-firewall-with-advanced-security.md) 
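Review bot: `+##### [Planning group policy deployment for your isolation zones]` lowercases the feature name Group Policy, but the How-to and References hunks of this same patch keep it capitalized (`Configure Group Policy to autoenroll and deploy certificates`, `Checklist: Creating Group Policy objects`). Suggest `Planning Group Policy deployment for your isolation zones` so the TOC stays consistent. The unchanged context entry `Documenting the Zones` in this hunk is still title case and could be converted in the same pass.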
@@ -102,68 +102,68 @@ ## [How-to]() -### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) -### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) -### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) -### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md) -### [Configure Authentication Methods](configure-authentication-methods.md) -### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md) -### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) -### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md) -### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md) -### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md) -### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md) -### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) -### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md) -### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) +### [Add Production devices to the membership group for a zone](add-production-devices-to-the-membership-group-for-a-zone.md) +### [Add test devices to the membership group for a zone](add-test-devices-to-the-membership-group-for-a-zone.md) +### [Assign security group filters to the GPO](assign-security-group-filters-to-the-gpo.md) +### [Change rules from request to require mode](Change-Rules-From-Request-To-Require-Mode.Md) +### [Configure 
authentication methods](Configure-authentication-methods.md) +### [Configure data protection (Quick Mode) settings](configure-data-protection-quick-mode-settings.md) +### [Configure Group Policy to autoenroll and deploy certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) +### [Configure key exchange (main mode) settings](configure-key-exchange-main-mode-settings.md) +### [Configure the rules to require encryption](configure-the-rules-to-require-encryption.md) +### [Configure the Windows Firewall log](configure-the-windows-firewall-log.md) +### [Configure the workstation authentication certificate template](configure-the-workstation-authentication-certificate-template.md) +### [Configure Windows Firewall to suppress notifications when a program is blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) +### [Confirm that certificates are deployed correctly](confirm-that-certificates-are-deployed-correctly.md) +### [Copy a GPO to create a new GPO](copy-a-gpo-to-create-a-new-gpo.md) ### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) ### [Create a Group Policy Object](create-a-group-policy-object.md) -### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md) -### [Create an Authentication Request Rule](create-an-authentication-request-rule.md) -### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md) -### [Create an Inbound Port Rule](create-an-inbound-port-rule.md) -### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) -### [Create an Outbound Port Rule](create-an-outbound-port-rule.md) -### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md) -### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md) -### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) +### [Create an authentication 
exemption list rule](create-an-authentication-exemption-list-rule.md) +### [Create an authentication request rule](create-an-authentication-request-rule.md) +### [Create an inbound ICMP rule](create-an-inbound-icmp-rule.md) +### [Create an inbound port rule](create-an-inbound-port-rule.md) +### [Create an inbound program or service rule](create-an-inbound-program-or-service-rule.md) +### [Create an outbound port rule](create-an-outbound-port-rule.md) +### [Create an outbound program or service rule](create-an-outbound-program-or-service-rule.md) +### [Create inbound rules to support RPC](create-inbound-rules-to-support-rpc.md) +### [Create WMI filters for the GPO](create-wmi-filters-for-the-gpo.md) ### [Create Windows Firewall rules in Intune](create-windows-firewall-rules-in-intune.md) -### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md) -### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md) -### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) -### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) -### [Modify GPO Filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) -### [Open IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) +### [Enable predefined inbound rules](enable-predefined-inbound-rules.md) +### [Enable predefined outbound rules](enable-predefined-outbound-rules.md) +### [Exempt ICMP from authentication](exempt-icmp-from-authentication.md) +### [Link the GPO to the domain](link-the-gpo-to-the-domain.md) +### [Modify GPO filters](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) +### [Open IP security policies](open-the-group-policy-management-console-to-ip-security-policies.md) ### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall.md) ### [Open Group Policy](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) ### [Open 
Windows Firewall](open-windows-firewall-with-advanced-security.md) -### [Restrict Server Access](restrict-server-access-to-members-of-a-group-only.md) +### [Restrict server access](restrict-server-access-to-members-of-a-group-only.md) ### [Enable Windows Firewall](turn-on-windows-firewall-and-configure-default-behavior.md) ### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) -### [Verify Network Traffic](verify-that-network-traffic-is-authenticated.md) + ## [References]() -### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md) -### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md) +### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md) +### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md) ### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md) ### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) -### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md) -### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md) -### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md) -### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md) +### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md) +### [Checklist: Configuring rules for the boundary zone](checklist-configuring-rules-for-the-boundary-zone.md) +### [Checklist: Configuring rules for the encryption zone](checklist-configuring-rules-for-the-encryption-zone.md) +### [Checklist: Configuring rules for an isolated server 
zone](checklist-configuring-rules-for-an-isolated-server-zone.md) -### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) -### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) +### [Checklist: Configuring rules for servers in a standalone isolated server zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) +### [Checklist: Creating rules for clients of a standalone isolated server zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) -### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) +### [Appendix A: Sample GPO template files for settings used in this guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) ## [Troubleshooting]() -### [Troubleshooting UWP App Connectivity Issues in Windows Firewall](troubleshooting-uwp-firewall.md) +### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 5e3a16c452..96725d8ff3 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md 
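Review bot: In the How-to hunk of TOC.md (@@ -102,68 +102,68 @@) two link targets were recased together with their titles: `(Change-Rules-From-Request-To-Require-Mode.Md)` and `(Configure-authentication-methods.md)`, where the removed lines pointed at `change-rules-from-request-to-require-mode.md` and `configure-authentication-methods.md`. The diffstat for this patch lists no renamed files, so these links will not resolve wherever paths are matched case-sensitively; restore the lowercase targets and change only the link text. In the same hunk, `Add Production devices` keeps a capital P that the neighbouring `Add test devices` entry does not.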
@@ -1,6 +1,6 @@ --- -title: Identify Goals for your WFAS Deployment (Windows 10) -description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) Deployment Goals +title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows 10) +description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba ms.reviewer: ms.author: dansimp 
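Review bot: The new `title:` still ends in `Advanced Security Deployment (Windows 10)`, so the word this edit is replacing survives in the page title, and the new `description:` keeps a capitalized `Your` that the H1 in the next hunk drops. Suggest `title: Identify implementation goals for Windows Defender Firewall with Advanced Security (Windows 10)` and a description worded like the H1.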
@@ -17,22 +17,21 @@ ms.topic: conceptual ms.date: 08/17/2017 --- -# Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals - +# Identifying Windows Defender Firewall with Advanced Security implementation goals **Applies to** - Windows 10 - Windows Server 2016 -Correctly identifying your Windows Defender Firewall with Advanced Security deployment goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall deployment goals presented in this guide that are relevant to your scenarios. +Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios. 
-The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall deployment goals: +The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Defender Firewall implementation goals: | Deployment goal tasks | Reference links | |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Evaluate predefined Windows Defender Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined deployment goals:

  • [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
  • [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
  • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
  • [Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
| -| Map one goal or a combination of the predefined deployment goals to an existing Windows Defender Firewall with Advanced Security design. |
  • [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
| -| Based on the status of your current infrastructure, document your deployment goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
  • [Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
  • [Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
| +| Evaluate predefined Windows Defender Firewall with Advanced Security implementation goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives. | Predefined implementation goals:

  • [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
  • [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)
  • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
  • [Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)
| +| Map one goal or a combination of the predefined implementation goals to an existing Windows Defender Firewall with Advanced Security design. |
  • [Mapping Your implementation goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
| +| Based on the status of your current infrastructure, document your implementation goals for your Windows Defender Firewall with Advanced Security design into a deployment plan. |
  • [Designing A Windows Defender Firewall Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
  • [Planning Your Windows Defender Firewall Design with Advanced Security](planning-your-windows-firewall-with-advanced-security-design.md)
|
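Review bot: The table header `| Deployment goal tasks | Reference links |` is left as unchanged context while every row under it now says implementation goals; rename the column so the header matches the rows. The new link text `Mapping Your implementation goals to a Windows Defender Firewall with Advanced Security Design` mixes title case and sentence case and should follow whichever style the rest of the table's link text uses.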
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index a3ca3c4b6e..76364690ae 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -1,5 +1,5 @@ --- -title: Protect Devices from Unwanted Network Traffic (Windows 10) +title: Protect devices from unwanted network traffic (Windows 10) description: Protect Devices from Unwanted Network Traffic ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc ms.reviewer: @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 04/19/2017 --- -# Protect Devices from Unwanted Network Traffic +# Protect devices from unwanted network traffic **Applies to** - Windows 10 diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index cbdd8e51d9..56b9898e53 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -1,6 +1,6 @@ --- -title: Restrict Access to Only Trusted Devices (Windows 10) -description: Restrict Access to Only Trusted Devices +title: Restrict access to only trusted devices (Windows 10) +description: estrict access to only trusted devices ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b ms.reviewer: ms.author: dansimp @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 08/17/2017 --- -# Restrict Access to Only Trusted Devices +# Restrict access to only trusted devices **Applies to** - Windows 10 
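Review bot: In the front-matter hunk of restrict-access-to-only-trusted-devices.md (@@ -1,6 +1,6 @@) the new line `+description: estrict access to only trusted devices` has lost its leading R; it should read `description: Restrict access to only trusted devices`. The sibling change to protect-devices-from-unwanted-network-traffic.md lowercases `title:` but leaves `description: Protect Devices from Unwanted Network Traffic` in title case, so the two files end up styled differently.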
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 70c8912478..0cda980c2c 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10) -description: Windows Defender Firewall with Advanced Security Design Guide +title: Windows Defender Firewall with Advanced Security design guide (Windows 10) +description: Windows Defender Firewall with Advanced Security design guide ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.reviewer: ms.author: dansimp @@ -17,8 +17,7 @@ ms.topic: conceptual ms.date: 10/05/2017 --- -# Windows Defender Firewall with Advanced Security -Design Guide +# Windows Defender Firewall with Advanced Security design guide **Applies to** - Windows 10 From d3f75c7897da0ed2e7e2892dc073c42e5fb71e2c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 14 Aug 2020 13:46:54 -0700 Subject: [PATCH 33/69] more clean up --- .../threat-protection/windows-firewall/TOC.md | 22 +++++++++---------- ...rtificate-based-isolation-policy-design.md | 6 ++--- ...rtificate-based-isolation-policy-design.md | 2 +- ...enting-a-domain-isolation-policy-design.md | 2 +- ...andalone-server-isolation-policy-design.md | 2 +- .../domain-isolation-policy-design.md | 2 +- ...-firewall-with-advanced-security-design.md | 10 ++++----- .../server-isolation-policy-design.md | 2 +- ...l-with-advanced-security-design-process.md | 7 +++--- ...all-with-advanced-security-design-guide.md | 7 +++--- 10 files changed, 30 insertions(+), 32 deletions(-) 
diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index e8109bbb5d..e5edff503e 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md 
@@ -8,28 +8,28 @@ ### [Implementation goals]() #### [Identify implementation goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) -#### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) -#### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) -#### [Require Encryption](require-encryption-when-accessing-sensitive-network-resources.md) -#### [Restrict Access](restrict-access-to-only-specified-users-or-devices.md) +#### [Protect devices from unwanted network traffic](protect-devices-from-unwanted-network-traffic.md) +#### [Restrict access to only trusted devices](restrict-access-to-only-trusted-devices.md) +#### [Require encryption](require-encryption-when-accessing-sensitive-network-resources.md) +#### [Restrict access](restrict-access-to-only-specified-users-or-devices.md) ### [Implementation designs]() #### [Mapping goals to a design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) -#### [Basic design](basic-firewall-policy-design.md) -##### [Basic Design Example](firewall-policy-design-example.md) +#### [Basic firewall design](basic-firewall-policy-design.md) +##### [Basic firewall design example](firewall-policy-design-example.md) #### [Domain isolation design](domain-isolation-policy-design.md) -##### [Domain Isolation Design Example](domain-isolation-policy-design-example.md) +##### [Domain isolation design example](domain-isolation-policy-design-example.md) #### [Server isolation design](server-isolation-policy-design.md) -##### [Server Isolation Design Example](server-isolation-policy-design-example.md) +##### [Server Isolation design example](server-isolation-policy-design-example.md) #### [Certificate-based isolation design](certificate-based-isolation-policy-design.md) -##### [Certificate-based Isolation Design Example](certificate-based-isolation-policy-design-example.md) +##### [Certificate-based 
Isolation design example](certificate-based-isolation-policy-design-example.md) ### [Design planning]() #### [Planning your design](planning-your-windows-firewall-with-advanced-security-design.md) @@ -145,8 +145,8 @@ ## [References]() ### [Checklist: Creating Group Policy objects](checklist-creating-group-policy-objects.md) ### [Checklist: Creating inbound firewall rules](checklist-creating-inbound-firewall-rules.md) -### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md) -### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md) +### [Checklist: Creating outbound firewall rules](checklist-creating-outbound-firewall-rules.md) +### [Checklist: Configuring basic firewall settings](checklist-configuring-basic-firewall-settings.md) ### [Checklist: Configuring rules for the isolated domain](checklist-configuring-rules-for-the-isolated-domain.md) diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index 71775ab476..38ec0654bb 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 08/17/2017 --- -# Certificate-based Isolation Policy Design +# Certificate-based isolation policy design **Applies to** - Windows 10 
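Review bot: In the Implementation designs block of the first TOC.md hunk (@@ -8,28 +8,28 @@), `Server Isolation design example` and `Certificate-based Isolation design example` keep a capital I, while `Domain isolation design example` and the parent entries `Server isolation design` and `Certificate-based isolation design` use lowercase. Suggest `Server isolation design example` and `Certificate-based isolation design example`.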
@@ -35,7 +35,7 @@ For Windows devices that are part of an Active Directory domain, you can use Gro For more info about this design: -- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md). @@ -45,4 +45,4 @@ For more info about this design: - For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md). -**Next:** [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) + diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 4d6b02ef58..573b76aa96 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md 
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -31,7 +31,7 @@ This parent checklist includes cross-reference links to important concepts about | Task | Reference | | - | - | -| Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) | +| Review important concepts and examples for certificate-based authentication to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) | | Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| | | Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)| | Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)| diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index 139618cb53..d946ecab9e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -33,7 +33,7 @@ The procedures in this section use the Group Policy MMC snap-ins to configure th | Task | Reference | | - | - | -| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Domain Isolation Policy Design](domain-isolation-policy-design.md)
[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) | +| Review important concepts and examples for the domain isolation policy design, determine your Windows Defender Firewall with Advanced Security implementation goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Domain Isolation Policy Design](domain-isolation-policy-design.md)
[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) | | Create the GPOs and connection security rules for the isolated domain.| [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)| | Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)| | Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)| diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 05aad0007e..2ed1fd1e5e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -33,7 +33,7 @@ This parent checklist includes cross-reference links to important concepts about | Task | Reference | | - | - | -| Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Server Isolation Policy Design](server-isolation-policy-design.md)
[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
[Planning Server Isolation Zones](planning-server-isolation-zones.md) | +| Review important concepts and examples for the server isolation policy design to determine if this design meets your implementation goals and the needs of your organization.| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Server Isolation Policy Design](server-isolation-policy-design.md)
[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
[Planning Server Isolation Zones](planning-server-isolation-zones.md) | | Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)| | Create the GPOs and connection security rules for the client devices that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)| | Verify that the connection security rules are protecting network traffic on your test devices. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 948932fb53..b618fe6d2d 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md 
@@ -59,7 +59,7 @@ In order to expand the isolated domain to include Devices that cannot be part of For more info about this design: -- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md). diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 9c73c224b9..6f6cd2d1a1 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md 
@@ -1,6 +1,6 @@ --- -title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10) -description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design +title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10) +description: Mapping your implementation goals to a Windows Firewall with Advanced Security design ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 ms.reviewer: ms.author: dansimp 
@@ -17,17 +17,17 @@ ms.topic: conceptual ms.date: 04/19/2017 --- -# Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design +# Mapping your implementation goals to a Windows Firewall with Advanced Security design **Applies to** - Windows 10 - Windows Server 2016 -After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. +After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. >**Important:**  The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. -Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security deployment goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security deployment goals to meet the needs of your organization. +Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security implementation goals for your organization. 
This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security implementation goals to meet the needs of your organization. | Deployment Goals | Basic Firewall Policy Design | Domain Isolation Policy Design | Server Isolation Policy Design | Certificate-based Isolation Policy Design | | - |- | - | - | - | diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 1eeea3dc76..23a6808219 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md 
@@ -49,7 +49,7 @@ This design can be applied to devices that are part of an Active Directory fores For more info about this design: -- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the implementation goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index 26796b6814..0449d6b01f 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md 
@@ -20,13 +20,12 @@ ms.author: dansimp Designing any deployment starts by performing several important tasks: -- [Identifying Your Windows Defender Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) +- [Identifying your windows defender firewall with advanced security design goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) -- [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) +- [Mapping your implementation goals to a Windows Defender Firewall with Advanced Security design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) -- [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) -After you identify your deployment goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics: +After you identify your implementation goals and map them to a Windows Defender Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics: - [Designing A Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 0cda980c2c..58bc8e79a9 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md 
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -39,7 +39,7 @@ Windows Defender Firewall should be part of a comprehensive security solution th To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Defender Firewall, and how to deliver configuration settings to your managed devices by using Group Policy in Active Directory. -You can use the deployment goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here: +You can use the implementation goals to form one of these Windows Defender Firewall with Advanced Security designs, or a custom design that combines elements from those presented here: - **Basic firewall policy design**. Restricts network traffic in and out of your devices to only that which is needed and authorized. 
@@ -67,9 +67,8 @@ Deployment Guide at these locations: | Topic | Description | - | - | | [Understanding the Windows Defender Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) | Learn how to get started with the Windows Defender Firewall with Advanced Security design process. | -| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security deployment goals. | -| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. | -| [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) | Learn how to use Windows Defender Firewall to improve the security of the computers connected to the network. | +| [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Defender Firewall with Advanced Security implementation goals. 
| +| [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Defender Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Defender Firewall with Advanced Security design. | | [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) | To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. | | [Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) | After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. | | [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) | You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). | From 0813a2dd0179ebd2da84f4ed8a409e8ab5773354 Mon Sep 17 00:00:00 2001 
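Review bot: In understanding-the-windows-firewall-with-advanced-security-design-process.md (hunk @@ -20,13 +20,12 @@), the first added bullet lowercases the product name in its link text: "Identifying your windows defender firewall with advanced security design goals". Every other added line in this patch keeps "Windows Defender Firewall with Advanced Security" capitalized, so sentence-casing should stop at the product name here too. The same hunk deletes the "Evaluating Windows Defender Firewall with Advanced Security Design Examples" bullet, and the @@ -67,9 +67,8 @@ hunk in the design guide deletes the matching table row; nothing in the visible hunks removes or redirects evaluating-windows-firewall-with-advanced-security-design-examples.md, so please confirm the topic is being retired or restore both links.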
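Review bot: In mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md (hunk @@ -17,17 +17,17 @@), the table header in the trailing context still reads "| Deployment Goals |" while the title, the H1 and both paragraphs that introduce the table now say "implementation goals". Rename that first column in this patch as well, otherwise the paragraph "Use the following table to determine ..." points at a column that uses the old term.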
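Review bot: In windows-firewall-with-advanced-security-design-guide.md (hunk @@ -67,9 +67,8 @@), the two added table rows update only the description column; their link text still reads "Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals" and "Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design". This patch retitles the mapping topic to "Mapping your implementation goals to a Windows Firewall with Advanced Security design", so the link text in the Topic column should be updated to match, and the same stale link text appears in the added rows of the two checklist files.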
From: damabe Date: Fri, 14 Aug 2020 21:15:21 -0700 Subject: [PATCH 34/69] Updated short descriptions for SEO improvement --- windows/client-management/mdm/cm-proxyentries-csp.md | 2 +- windows/client-management/mdm/customdeviceui-csp.md | 2 +- windows/client-management/mdm/customdeviceui-ddf.md | 2 +- windows/client-management/mdm/defender-csp.md | 2 +- windows/client-management/mdm/defender-ddf.md | 2 +- windows/client-management/mdm/devdetail-csp.md | 2 +- windows/client-management/mdm/devdetail-ddf-file.md | 2 +- windows/client-management/mdm/deviceinstanceservice-csp.md | 2 +- windows/client-management/mdm/devicelock-csp.md | 2 +- windows/client-management/mdm/devicelock-ddf-file.md | 2 +- windows/client-management/mdm/devinfo-ddf-file.md | 2 +- windows/client-management/mdm/diagnosticlog-csp.md | 2 +- windows/client-management/mdm/diagnosticlog-ddf.md | 2 +- windows/client-management/mdm/dmacc-csp.md | 2 +- windows/client-management/mdm/dmacc-ddf-file.md | 2 +- windows/client-management/mdm/dmclient-ddf-file.md | 2 +- windows/client-management/mdm/dmprocessconfigxmlfiltered.md | 2 +- windows/client-management/mdm/dmsessionactions-csp.md | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 828700b85a..816b5c188b 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -1,6 +1,6 @@ --- title: CM\_ProxyEntries CSP -description: Configure proxy connections on mobile devices using CM\_ProxyEntries CSP. +description: Learn how the CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device. ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 05add93e6a..17b165ed51 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -1,6 +1,6 @@ --- title: CustomDeviceUI CSP -description: CustomDeviceUI CSP +description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application. ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index 12b590ef8c..7623b155f2 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -1,6 +1,6 @@ --- title: CustomDeviceUI DDF -description: CustomDeviceUI DDF +description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider. ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index cb96fa1fb1..da9959c0a2 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,6 +1,6 @@ --- title: Defender CSP -description: See how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. +description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 508d2f5d0d..a63f4dec92 100644 --- a/windows/client-management/mdm/defender-ddf.md 
+++ b/windows/client-management/mdm/defender-ddf.md @@ -1,6 +1,6 @@ --- title: Defender DDF file -description: See how the OMA DM device description framework (DDF) for the **Defender** configuration service provider is used. +description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used. ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 285d96ddf8..11ab51bf9e 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,6 +1,6 @@ --- title: DevDetail CSP -description: DevDetail CSP +description: Learn how the DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 0ab07220b6..25be11c21b 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -1,6 +1,6 @@ --- title: DevDetail DDF file -description: DevDetail DDF file +description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider. ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index 09d6af05e4..d7b8e34afb 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md 
@@ -1,6 +1,6 @@ --- title: DeviceInstanceService CSP -description: DeviceInstanceService CSP +description: Learn how the he DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise. ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index 246408076e..cef65071ec 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -1,6 +1,6 @@ --- title: DeviceLock CSP -description: DeviceLock CSP +description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies. ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index 545ebcdb9b..eb63ef11fe 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -1,6 +1,6 @@ --- title: DeviceLock DDF file -description: DeviceLock DDF file +description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP). ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index b81a21b82e..aec2b4cc91 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md 
@@ -1,6 +1,6 @@ --- title: DevInfo DDF file -description: DevInfo DDF file +description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP). ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 2f00912ad8..2c49067d90 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -1,6 +1,6 @@ --- title: DiagnosticLog CSP -description: DiagnosticLog CSP +description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area. ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 8bedac1205..f635ed44c6 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -1,6 +1,6 @@ --- title: DiagnosticLog DDF -description: DiagnosticLog DDF +description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP). ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index aa61f9d50b..4a45bf4eb2 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -1,6 +1,6 @@ --- title: DMAcc CSP -description: DMAcc CSP +description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects. ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63 ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 232f5672cd..b10dcad38a 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -1,6 +1,6 @@ --- title: DMAcc DDF file -description: DMAcc DDF file +description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP). ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 44ff431b60..c5ba87da90 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1,6 +1,6 @@ --- title: DMClient DDF file -description: DMClient DDF file +description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP). ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 2e1b590d91..b9ed5780d0 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -1,6 +1,6 @@ --- title: DMProcessConfigXMLFiltered function -description: Configures phone settings by using OMA Client Provisioning XML. +description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML. Search.Refinement.TopicID: 184 ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F ms.reviewer: diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index b395c7c3ba..65aeb1a961 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md 
+++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -1,6 +1,6 @@ --- title: DMSessionActions CSP -description: DMSessionActions CSP +description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low power state. ms.author: dansimp ms.topic: article ms.prod: w10 From c80831853eb10c32e2a398ff68dc709a653b2da2 Mon Sep 17 00:00:00 2001 From: damabe Date: Fri, 14 Aug 2020 21:35:31 -0700 Subject: [PATCH 35/69] Updated short descriptions for SEO improvement --- windows/client-management/mdm/dmsessionactions-ddf.md | 2 +- windows/client-management/mdm/dynamicmanagement-csp.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index aef1210842..61b4b4754a 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -1,6 +1,6 @@ --- title: DMSessionActions DDF file -description: DMSessionActions DDF file +description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index e7d55aedc0..b6fe50d931 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -1,6 +1,6 @@ --- title: DynamicManagement CSP -description: DynamicManagement CSP +description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed. ms.author: dansimp ms.topic: article ms.prod: w10 From feee20e4a08b8023437b6a2fe1988997e16520de Mon Sep 17 00:00:00 2001 
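Review bot: In deviceinstanceservice-csp.md (hunk @@ -1,6 +1,6 @@ of PATCH 34/69), the added description contains a stray word: "Learn how the he DeviceInstanceService configuration service provider (CSP) provides ...". Drop the extra "he" before this text is published as the page's search snippet.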
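Review bot: In diagnosticlog-ddf.md (hunk @@ -1,6 +1,6 @@ of PATCH 34/69), the added description doubles the article: "Learn about the the OMA DM device description framework (DDF) ...". The other DDF descriptions added in this patch read "Learn about the OMA DM device description framework (DDF) for the ... configuration service provider", so this line should use the same wording.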
From: damabe Date: Fri, 14 Aug 2020 23:07:55 -0700 Subject: [PATCH 36/69] Updated short descriptions for SEO improvement --- windows/client-management/mdm/dynamicmanagement-ddf.md | 2 +- windows/client-management/mdm/email2-csp.md | 2 +- windows/client-management/mdm/email2-ddf-file.md | 2 +- .../client-management/mdm/enable-admx-backed-policies-in-mdm.md | 2 +- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- .../client-management/mdm/enrollmentstatustracking-csp-ddf.md | 2 +- windows/client-management/mdm/enterpriseapn-ddf.md | 2 +- windows/client-management/mdm/enterpriseappvmanagement-csp.md | 2 +- windows/client-management/mdm/enterpriseappvmanagement-ddf.md | 2 +- windows/client-management/mdm/enterpriseassignedaccess-csp.md | 2 +- windows/client-management/mdm/enterpriseext-csp.md | 2 +- windows/client-management/mdm/enterpriseext-ddf.md | 2 +- windows/client-management/mdm/enterpriseextfilesystem-ddf.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-csp.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-ddf.md | 2 +- .../client-management/mdm/enterprisemodernappmanagement-xsd.md | 2 +- windows/client-management/mdm/esim-enterprise-management.md | 2 +- windows/client-management/mdm/euiccs-csp.md | 2 +- windows/client-management/mdm/euiccs-ddf-file.md | 2 +- windows/client-management/mdm/filesystem-csp.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 3439bf646a..2690fa4e23 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md 
@@ -1,6 +1,6 @@ --- title: DynamicManagement DDF file -description: DynamicManagement DDF file +description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP). ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index ddb14a8d3f..844fc1be39 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -1,6 +1,6 @@ --- title: EMAIL2 CSP -description: EMAIL2 CSP +description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts. ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index f24a64e3e3..4f11b5b64d 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -1,6 +1,6 @@ --- title: EMAIL2 DDF file -description: EMAIL2 DDF file +description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP). ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index 1f420a71c4..805f9ee481 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md 
@@ -1,6 +1,6 @@ --- title: Enable ADMX-backed policies in MDM -description: Use this is a step-by-step guide to configuring ADMX-backed policies in MDM. +description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX-backed policies) in Mobile Device Management (MDM). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index f45e20d377..349687ed6c 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -1,6 +1,6 @@ --- title: Enroll a Windows 10 device automatically using Group Policy -description: Enroll a Windows 10 device automatically using Group Policy +description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index e70eed0ce5..98739efcb1 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -1,6 +1,6 @@ --- title: EnrollmentStatusTracking DDF -description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article ms.prod: w10 
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index 319356f336..5e7af9b60d 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -1,6 +1,6 @@ --- title: EnterpriseAPN DDF -description: EnterpriseAPN DDF +description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP). ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 22445122ec..272f60f44f 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -1,6 +1,6 @@ --- title: EnterpriseAppVManagement CSP -description: Examine the tree format for EnterpriseAppVManagement configuration service provider (CSP) to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). +description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 PCs.(Enterprise and Education editions). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index 626981e0ff..8cf951cf55 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -1,6 +1,6 @@ --- title: EnterpriseAppVManagement DDF file -description: EnterpriseAppVManagement DDF file +description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 2df97c9bf4..45d11904d5 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -1,6 +1,6 @@ --- title: EnterpriseAssignedAccess CSP -description: Use the EnterpriseAssignedAccess CSP to configure custom layouts on a device. +description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseext-csp.md b/windows/client-management/mdm/enterpriseext-csp.md index 782bc735ed..24cadf3270 100644 --- a/windows/client-management/mdm/enterpriseext-csp.md +++ b/windows/client-management/mdm/enterpriseext-csp.md @@ -1,6 +1,6 @@ --- title: EnterpriseExt CSP -description: EnterpriseExt CSP +description: Learn how the EnterpriseExt CSP allows OEMs to set their own unique ID for their devices, set display brightness values, and set the LED behavior. ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseext-ddf.md b/windows/client-management/mdm/enterpriseext-ddf.md index e30ceeb37f..4b3d4b0afd 100644 --- a/windows/client-management/mdm/enterpriseext-ddf.md +++ b/windows/client-management/mdm/enterpriseext-ddf.md @@ -1,6 +1,6 @@ --- title: EnterpriseExt DDF -description: EnterpriseExt DDF +description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExt configuration service provider (CSP). ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md index 997493aee9..7efb54af20 100644 
--- a/windows/client-management/mdm/enterpriseextfilesystem-ddf.md +++ b/windows/client-management/mdm/enterpriseextfilesystem-ddf.md @@ -1,6 +1,6 @@ --- title: EnterpriseExtFileSystem DDF -description: EnterpriseExtFileSystem DDF +description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExtFileSystem configuration service provider (CSP). ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 5384ce0168..77b6e72ff9 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -1,6 +1,6 @@ --- title: EnterpriseModernAppManagement CSP -description: EnterpriseModernAppManagement CSP +description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. ms.assetid: 9DD0741A-A229-41A0-A85A-93E185207C42 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index aa2cdb680b..237000b2f0 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -1,6 +1,6 @@ --- title: EnterpriseModernAppManagement DDF -description: EnterpriseModernAppManagement DDF +description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP). ms.assetid: ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index f7544b10a4..f8b15504cc 100644 
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -1,6 +1,6 @@ --- title: EnterpriseModernAppManagement XSD -description: Use the EnterpriseModernAppManagement XSD for set application parameters. +description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters. ms.assetid: D393D094-25E5-4E66-A60F-B59CC312BF57 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index 9251f6a755..79545b45cc 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -1,6 +1,6 @@ --- title: eSIM Enterprise Management -description: Managing eSIM devices in an enterprise +description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows. keywords: eSIM enterprise management ms.prod: w10 ms.mktglfcycl: diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 43626310a0..1f42e3e43d 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -1,6 +1,6 @@ --- title: eUICCs CSP -description: eUICCs CSP +description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 3f3e71df8d..38bb8e5f6f 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md 
@@ -1,6 +1,6 @@ --- title: eUICCs DDF file -description: eUICCs DDF file +description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP). ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md index 653b03b527..9bad3fe712 100644 --- a/windows/client-management/mdm/filesystem-csp.md +++ b/windows/client-management/mdm/filesystem-csp.md @@ -1,6 +1,6 @@ --- title: FileSystem CSP -description: FileSystem CSP +description: Learn how the FileSystem CSP is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device. ms.assetid: 9117ee16-ca7a-4efa-9270-c9ac8547e541 ms.reviewer: manager: dansimp From 997d2746a6b57db50732abf4e72e6fa1f6b93944 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Fri, 14 Aug 2020 23:19:55 -0700 Subject: [PATCH 37/69] Update deviceinstanceservice-csp.md --- windows/client-management/mdm/deviceinstanceservice-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md index d7b8e34afb..f24564545c 100644 --- a/windows/client-management/mdm/deviceinstanceservice-csp.md +++ b/windows/client-management/mdm/deviceinstanceservice-csp.md @@ -1,6 +1,6 @@ --- title: DeviceInstanceService CSP -description: Learn how the he DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise. +description: Learn how the DeviceInstanceService configuration service provider (CSP) provides some device inventory information that could be useful for an enterprise. ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d ms.reviewer: manager: dansimp From bc3408a7774262f169d56d9b7f384bd4b4f73f73 Mon Sep 17 00:00:00 2001 
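Review bot: In the windows/client-management/mdm/email2-ddf-file.md hunk of PATCH 36/69, the new description "Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP)." has no verb after "Learn how", so it reads as a sentence fragment. The other DDF hunks in this patch open with "Learn about the OMA DM device description framework (DDF) for the ..."; use the same opening here. The unchanged context also shows this file carrying the same ms.assetid (7e266db0-2fd9-4412-b428-4550f41a1738) as dynamicmanagement-ddf.md, which is worth confirming while the front matter is being edited.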
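Review bot: In the enterpriseappvmanagement-csp.md hunk of PATCH 36/69, the rewritten description still ends with "Windows 10 PCs.(Enterprise and Education editions).", carrying over the stray period and missing space from the removed line. Suggest "... to manage virtual applications in Windows 10 PCs (Enterprise and Education editions)." This hunk also shortens "configuration service provider (CSP)" to "CSP" while the enterpriseassignedaccess-csp.md hunk in the same patch expands it, so the series should pick one direction.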
From: damabe Date: Sun, 16 Aug 2020 20:59:48 -0700 Subject: [PATCH 38/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/healthattestation-csp.md | 2 +- windows/client-management/mdm/healthattestation-ddf.md | 2 +- .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 2 +- windows/client-management/mdm/messaging-csp.md | 2 +- windows/client-management/mdm/multisim-csp.md | 2 +- windows/client-management/mdm/nap-csp.md | 2 +- windows/client-management/mdm/napdef-csp.md | 2 +- windows/client-management/mdm/networkproxy-csp.md | 2 +- windows/client-management/mdm/networkqospolicy-ddf.md | 2 +- windows/client-management/mdm/nodecache-ddf-file.md | 2 +- windows/client-management/mdm/personalization-ddf.md | 2 +- .../mdm/policy-configuration-service-provider.md | 2 +- windows/client-management/mdm/policy-csp-abovelock.md | 2 +- windows/client-management/mdm/policy-csp-accounts.md | 2 +- windows/client-management/mdm/policy-csp-activexcontrols.md | 2 +- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +- .../client-management/mdm/policy-csp-applicationmanagement.md | 2 +- windows/client-management/mdm/policy-csp-appruntime.md | 2 +- windows/client-management/mdm/policy-csp-appvirtualization.md | 2 +- windows/client-management/mdm/policy-csp-attachmentmanager.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index e24210c9e0..0124df555f 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md 
@@ -1,6 +1,6 @@ --- title: Device HealthAttestation CSP -description: Device HealthAttestation CSP +description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions. ms.assetid: 6F2D783C-F6B4-4A81-B9A2-522C4661D1AC ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 21934f6452..d7209b1cf2 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,6 +1,6 @@ --- title: HealthAttestation DDF -description: HealthAttestation DDF +description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider. ms.assetid: D20AC78D-D2D4-434B-B9FD-294BCD9D1DDE ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 7b8e606d40..1c9ca9aba5 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -1,6 +1,6 @@ --- title: MDM enrollment of Windows 10-based devices -description: MDM enrollment of Windows 10-based devices +description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources. MS-HAID: - 'p\_phdevicemgmt.enrollment\_ui' - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' diff --git a/windows/client-management/mdm/messaging-csp.md b/windows/client-management/mdm/messaging-csp.md index cc739605f3..e9383e871f 100644 --- a/windows/client-management/mdm/messaging-csp.md +++ b/windows/client-management/mdm/messaging-csp.md 
@@ -1,6 +1,6 @@ --- title: Messaging CSP -description: Use the Messaging CSP to configure the ability to get text messages audited on a mobile device. +description: Use the Messaging configuration service provider (CSP) to configure the ability to get text messages audited on a mobile device. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 7d719b40aa..3597ffa5fe 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -1,6 +1,6 @@ --- title: MultiSIM CSP -description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration. +description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index c4dbd6410a..dcaef76767 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -1,6 +1,6 @@ --- title: NAP CSP -description: NAP CSP +description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections. ms.assetid: 82f04492-88a6-4afd-af10-a62b8d444d21 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index 80a87e53d1..1b5f5ecdd4 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -1,6 +1,6 @@ --- title: NAPDEF CSP -description: NAPDEF CSP +description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs). ms.assetid: 9bcc65dd-a72b-4f90-aba7-4066daa06988 ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index c82e246263..43aff61d37 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -1,6 +1,6 @@ --- title: NetworkProxy CSP -description: NetworkProxy CSP +description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 7535a3ce20..c2d3ea4a5e 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -1,6 +1,6 @@ --- title: NetworkQoSPolicy DDF -description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML +description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.assetid: ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 7d58ebbea3..06a74f2979 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -1,6 +1,6 @@ --- title: NodeCache DDF file -description: NodeCache DDF file +description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP). ms.assetid: d7605098-12aa-4423-89ae-59624fa31236 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index eef4903c8c..5a9ac5cc69 100644 
--- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -1,6 +1,6 @@ --- title: Personalization DDF file -description: Learn how to set the OMA DM device description framework (DDF) for the **Personalization** configuration service provider. +description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5e23762281..d7f6716dcc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1,6 +1,6 @@ --- title: Policy CSP -description: Policy CSP +description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10. ms.assetid: 4F3A1134-D401-44FC-A583-6EDD3070BA4F ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index ebc28b415c..23c1bb8142 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -1,6 +1,6 @@ --- title: Policy CSP - AboveLock -description: Learn the various AboveLock Policy CSP for Windows editions of Home, Pro, Business, and more. +description: Learn the various AboveLock Policy configuration service provider (CSP) for Windows editions of Home, Pro, Business, and more. ms.author: dansimp ms.localizationpriority: medium ms.topic: article diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index fad4a74ad7..4367ed3ed6 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md 
+++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Accounts -description: Policy CSP - Accounts +description: Learn about the Policy configuration service provider (CSP). This articles describes account policies. ms.author: dansimp ms.localizationpriority: medium ms.topic: article diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 9c2b674cee..d760021b1e 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ActiveXControls -description: Learn the ins and outs of various Policy CSP - ActiveXControls settings, including SyncML, for Windows 10. +description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10. ms.author: dansimp ms.localizationpriority: medium ms.topic: article diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index ccc641c6a3..eb4a7086d1 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ApplicationDefaults -description: Policy CSP - ApplicationDefaults +description: Learn about various Policy configuration service provider (CSP) - ApplicationDefaults, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 6b55aa34e3..1f128f9b64 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - ApplicationManagement -description: Policy CSP - ApplicationManagement +description: Learn about various Policy configuration service provider (CSP) - ApplicationManagement, including SyncML, for Windows 10. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 6e15e10e88..2a224f8bfe 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -1,6 +1,6 @@ --- title: Policy CSP - AppRuntime -description: Control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.Policy CSP - AppRuntime. +description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 29788ea127..63cdb4036d 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -1,6 +1,6 @@ --- title: Policy CSP - AppVirtualization -description: Policy CSP - AppVirtualization +description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index cb2130e778..cf8e105de8 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - AttachmentManager -description: Manage Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). +description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, Internet, intranet, local. ms.author: dansimp ms.topic: article ms.prod: w10 From d21e60247429dd067d8812fa00b9df9f315e1178 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Sun, 16 Aug 2020 21:14:51 -0700 Subject: [PATCH 39/69] Update policy-csp-attachmentmanager.md --- windows/client-management/mdm/policy-csp-attachmentmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index cf8e105de8..e808f11e13 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - AttachmentManager -description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, Internet, intranet, local. +description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local. ms.author: dansimp ms.topic: article ms.prod: w10 From 286b8fa706326ed5598e5d5ce0e5b7190768f5bb Mon Sep 17 00:00:00 2001 
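Review bot: In the policy-csp-accounts.md hunk of PATCH 38/69, the added description contains a subject-verb mismatch: "This articles describes account policies." Change it to "This article describes account policies."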
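Review bot: In the policy-csp-attachmentmanager.md hunks of PATCH 38/69 and PATCH 39/69, the description still opens with "Manage Windows marks file attachments with information about their zone of origin", which does not parse; the two patches only swap the parentheses for a comma and lowercase "Internet". Since this text describes how zone-of-origin marking is controlled, it should be readable: something like "Manage how Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, or local." would fix the opening and close the list with "or". The two edits could also be squashed into one commit.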
From: damabe Date: Sun, 16 Aug 2020 22:39:27 -0700 Subject: [PATCH 40/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/policy-csp-audit.md | 2 +- windows/client-management/mdm/policy-csp-authentication.md | 2 +- windows/client-management/mdm/policy-csp-autoplay.md | 2 +- windows/client-management/mdm/policy-csp-bluetooth.md | 2 +- windows/client-management/mdm/policy-csp-browser.md | 2 +- windows/client-management/mdm/policy-csp-camera.md | 2 +- windows/client-management/mdm/policy-csp-cellular.md | 2 +- windows/client-management/mdm/policy-csp-connectivity.md | 2 +- .../client-management/mdm/policy-csp-controlpolicyconflict.md | 2 +- windows/client-management/mdm/policy-csp-credentialproviders.md | 2 +- .../client-management/mdm/policy-csp-credentialsdelegation.md | 2 +- windows/client-management/mdm/policy-csp-credentialsui.md | 2 +- windows/client-management/mdm/policy-csp-cryptography.md | 2 +- windows/client-management/mdm/policy-csp-dataprotection.md | 2 +- windows/client-management/mdm/policy-csp-datausage.md | 2 +- windows/client-management/mdm/policy-csp-defender.md | 2 +- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- windows/client-management/mdm/policy-csp-desktop.md | 2 +- windows/client-management/mdm/policy-csp-deviceguard.md | 2 +- .../client-management/mdm/policy-csp-devicehealthmonitoring.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index ffd4519182..7d0997f275 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - Audit -description: Policy CSP - Audit +description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't log on to a computer because the account is locked out. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 96f9787790..51f56ffbbb 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Authentication -description: Policy CSP - Authentication +description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign in screen. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 36a05de8df..15b769497e 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Autoplay -description: Policy CSP - Autoplay +description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 28123a7dc0..6426fba5e8 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Bluetooth -description: Policy CSP - Bluetooth +description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements. ms.author: dansimp ms.topic: article ms.prod: w10 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 206e99f3db..d2c9190e0b 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Browser -description: Learn how to set the Policy CSP - Browser settings for Microsoft Edge, version 45 and earlier. +description: Learn how to use the Policy CSP - Browser settings so you can configure Microsoft Edge browser, version 45 and earlier. ms.topic: article ms.prod: w10 ms.technology: windows diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 0def6900f0..93e5c5d6cf 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Camera -description: Policy CSP - Camera +description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 3d156b1c89..ccd0ab26c1 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Cellular -description: Policy CSP - Cellular +description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index ee83ad3d00..503ee130bc 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - Connectivity -description: Policy CSP - Connectivity +description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index a822c7a831..9a867b0778 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ControlPolicyConflict -description: Policy CSP - ControlPolicyConflict +description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 425fcf361a..89e4817ce7 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -1,6 +1,6 @@ --- title: Policy CSP - CredentialProviders -description: Learn the policy CSP for credential provider set up, sign in, PIN requests and so on. +description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index c8416c3bb9..71447f45ab 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - CredentialsDelegation -description: Policy CSP - CredentialsDelegation +description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 349800035d..5ccf34a12e 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -1,6 +1,6 @@ --- title: Policy CSP - CredentialsUI -description: Policy CSP - CredentialsUI +description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 55ceb74581..b141d4387b 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Cryptography -description: Policy CSP - Cryptography +description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 4c71a876a5..9da8c6ce2c 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - DataProtection -description: Policy CSP - DataProtection +description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 28f919ead9..cb540b3415 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DataUsage -description: Policy CSP - DataUsage +description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index c2fb83fe51..79fe896cdf 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Defender -description: Policy CSP - Defender +description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index bdf3985bb6..4061074c76 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - DeliveryOptimization -description: Policy CSP - DeliveryOptimization +description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 0ade992a1d..dfbed26745 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Desktop -description: Policy CSP - Desktop +description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 163655f59f..842a8a3eff 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceGuard -description: Policy CSP - DeviceGuard +description: Learn how to use the Policy CSP - DeviceGuard policy to allow the IT admin to configure the launch of System Guard. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 8277ae0425..60d4832fae 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceHealthMonitoring -description: Learn which DeviceHealthMonitoring policies are supported for your edition of Windows. +description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft. ms.author: dansimp ms.topic: article ms.prod: w10 From 6f599b8d6f8d371c58c1d5a0a26bf971f94f7d90 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Sun, 16 Aug 2020 22:42:11 -0700 Subject: [PATCH 41/69] Update policy-csp-deviceguard.md --- windows/client-management/mdm/policy-csp-deviceguard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 842a8a3eff..9512ffde73 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceGuard -description: Learn how to use the Policy CSP - DeviceGuard policy to allow the IT admin to configure the launch of System Guard. +description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard. ms.author: dansimp ms.topic: article ms.prod: w10 From 44bbb3d9e0004ee0a026b98f25e333b55191fe96 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Mon, 17 Aug 2020 10:29:10 -0700 Subject: [PATCH 42/69] Update provisioning-create-package.md --- .../provisioning-create-package.md | 50 ++++++++++--------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 3c75f63d1f..f9816492d7 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md 
@@ -1,6 +1,6 @@ --- title: Create a provisioning package (Windows 10) -description: Learn how to create a provisioning package for Windows 10. Provisioning packages let you quickly configure a device without having to install a new image. +description: Learn how to create a provisioning package for Windows 10, which lets you quickly configure a device without having to install a new image. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
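Review bot: In the reworded description, "which lets you quickly configure a device" now attaches to "Windows 10" instead of to the provisioning package, because merging the two sentences removed the subject "Provisioning packages". Consider "Learn how to create a provisioning package for Windows 10 so that you can quickly configure a device without having to install a new image."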
@@ -26,39 +26,41 @@ You can use Windows Configuration Designer to create a provisioning package (.pp >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md) > [!TIP] -> We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain. +> We recommend creating a local admin account when you develop and test your provisioning package. We also recommend using a *least privileged* domain user account to join devices to the Active Directory domain. ## Start a new project 1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + - From either the Start screen or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut. or - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then select **ICD.exe**. 2. 
Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image: ![Configuration Designer wizards](../images/icd-create-options-1703.png) - - The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards). + - The following wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices: - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for HoloLens wizard](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) - [Instructions for Surface Hub wizard](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) + + Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards). - - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. *The rest of this procedure uses advanced provisioning.* + - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.) 
>[!TIP] > You can start a project in the simple wizard editor and then switch the project to the advanced editor. > > ![Switch to advanced editor](../images/icd-switch.png) -3. Enter a name for your project, and then click **Next**. +3. Enter a name for your project, and then select **Next**. -4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options. +4. Select the settings you want to configure, based on the type of device, and then select **Next**. The following table describes the options. | Windows edition | Settings available for customization | Provisioning package can apply to | 
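Review bot: In step 1, replacing "double-click **ICD.exe**" with "select **ICD.exe**" changes the instruction, since selecting a file in a folder does not start it; "open" or "run" keeps the meaning without the mouse-specific verb. The same line still gives the x64 path as the `...\x86` folder and the x86 path as the full `...\x86\ICD.exe` file, so the two alternatives should be made consistent while the line is being touched. In step 2, the new list intro names only desktop, mobile, and kiosk devices, but the list under it also links the HoloLens and Surface Hub wizards.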
@@ -71,12 +73,12 @@ You can use Windows Configuration Designer to create a provisioning package (.pp | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) | -5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then click **Finish**. +5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**. >[!TIP] ->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly. +>**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages that you create so you don't have to reconfigure those common settings repeatedly. -After you click **Finish**, Windows Configuration Designer will open the **Available customizations** pane and you can then configure settings for the package. +6. In the **Available customizations** pane, you can now configure settings for the package. @@ -94,7 +96,7 @@ The process for configuring settings is similar for all settings. The following - +
step one
Expand a category.
Expand Certificates category
step two
Select a setting.
Select ClientCertificates
step three
Enter a value for the setting. Click Add if the button is displayed.
Enter a name for the certificate
step three
Enter a value for the setting. Select Add if the button is displayed.
Enter a name for the certificate
step four
Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
Additional settings for client certificate
step five
When the setting is configured, it is displayed in the Selected customizations pane.
Selected customizations pane
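Review bot: In the hunk at @@ -71,12 +73,12 @@, new step 6 ("In the **Available customizations** pane, you can now configure settings for the package.") is numbered as a step but gives no action, and it drops the cue from the removed sentence that Windows Configuration Designer opens this pane after **Finish**. Either keep it as an unnumbered result sentence after step 5, or word it so the reader knows how they got there, for example "After you select **Finish**, Windows Configuration Designer opens the **Available customizations** pane, where you can configure settings for the package."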
@@ -106,39 +108,39 @@ For details on each specific setting, see [Windows Provisioning settings referen ## Build package -1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**. +1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**. ![Export on top bar](../images/icd-export-menu.png) -2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**: +2. In the **Describe the provisioning package** window, enter the following information, and then select **Next**: - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field. - - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field. + - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field. - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages). - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0. -3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections. +3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional: - **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen. 
- - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. + - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package. >[!NOTE] - >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. + >You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. > >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. 
In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner. -4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location. +4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then select **Next**. By default, Windows Configuration Designer uses the project folder as the output location. -5. In the **Build the provisioning package** window, click **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. +5. In the **Build the provisioning package** window, select **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page. + If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations** page. -6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. +6. 
If your build fails, an error message will appear that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build. -7. When you are done, click **Finish** to close the wizard and go back to the Customizations page. +7. When you are done, select **Finish** to close the wizard and go back to the Customizations page. **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) From a207eb23d463d023f39e1325c8042a565c7ee559 Mon Sep 17 00:00:00 2001 From: Kelly Baker Date: Mon, 17 Aug 2020 10:36:39 -0700 Subject: [PATCH 43/69] Update provisioning-create-package.md --- .../provisioning-packages/provisioning-create-package.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index f9816492d7..5b464073a9 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md 
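Review bot: In the Build package hunk of PATCH 42 (@@ -106,39 +108,39 @@), the joined line "**Version (in Major.Minor format** - Optional." still has an unclosed parenthesis; it should read "**Version (in Major.Minor format)**". In step 3 of the same hunk, "and then select **Next**" now comes before the **Encrypt package** and **Sign package** options are described, so a reader following the step literally moves on before making the security choices; move the **Next** instruction after the two bullets, as the original sentence order had it. "You can specify the certificate by selecting **Select**" would also read better as "select **Select**, and then choose the certificate".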
@@ -140,7 +140,7 @@ For details on each specific setting, see [Windows Provisioning settings referen If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build. -7. When you are done, select **Finish** to close the wizard and go back to the Customizations page. +7. When you are done, select **Finish** to close the wizard and go back to the **Customizations** page. **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) From e2962444d15a4d39fb2a4691f38c2fbf46f5b1d8 Mon Sep 17 00:00:00 2001 
From: damabe Date: Mon, 17 Aug 2020 19:58:48 -0700 Subject: [PATCH 44/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/policy-csp-deviceinstallation.md | 2 +- windows/client-management/mdm/policy-csp-devicelock.md | 2 +- windows/client-management/mdm/policy-csp-display.md | 2 +- windows/client-management/mdm/policy-csp-dmaguard.md | 2 +- windows/client-management/mdm/policy-csp-education.md | 2 +- .../client-management/mdm/policy-csp-enterprisecloudprint.md | 2 +- windows/client-management/mdm/policy-csp-errorreporting.md | 2 +- windows/client-management/mdm/policy-csp-eventlogservice.md | 2 +- windows/client-management/mdm/policy-csp-experience.md | 2 +- windows/client-management/mdm/policy-csp-exploitguard.md | 2 +- windows/client-management/mdm/policy-csp-fileexplorer.md | 2 +- windows/client-management/mdm/policy-csp-games.md | 2 +- windows/client-management/mdm/policy-csp-handwriting.md | 2 +- windows/client-management/mdm/policy-csp-internetexplorer.md | 2 +- windows/client-management/mdm/policy-csp-kerberos.md | 2 +- windows/client-management/mdm/policy-csp-kioskbrowser.md | 2 +- windows/client-management/mdm/policy-csp-lanmanworkstation.md | 2 +- windows/client-management/mdm/policy-csp-licensing.md | 2 +- windows/client-management/mdm/policy-csp-lockdown.md | 2 +- windows/client-management/mdm/policy-csp-maps.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 5d67b14d8d..24c7b04cbf 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md 
@@ -2,7 +2,7 @@ title: Policy CSP - DeviceInstallation ms.reviewer: manager: dansimp -description: Policy CSP - DeviceInstallation +description: Use the Policy CSP - DeviceInstallation setting to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. ms.author: dansimp ms.date: 09/27/2019 ms.topic: article diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index f95a796932..f68a71f820 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceLock -description: Policy CSP - DeviceLock +description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 9645a371ac..82dbb630ae 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Display -description: Policy CSP - Display +description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index e5511ffaa0..0d8f6b40f8 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - DmaGuard -description: Policy CSP - DmaGuard +description: Learn how to use the Policy CSP - DmaGuard setting to provide additional security against external DMA capable devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 9e12bc04e4..18cce493eb 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Education -description: Control graphing functionality in the Windows Calculator app. +description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index c450267337..e9d1cb8436 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -1,6 +1,6 @@ --- title: Policy CSP - EnterpriseCloudPrint -description: Policy CSP - EnterpriseCloudPrint +description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 79bbb1b92f..b4f27cc7c0 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - ErrorReporting -description: Policy CSP - ErrorReporting +description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 17080a877e..d86bd44edc 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -1,6 +1,6 @@ --- title: Policy CSP - EventLogService -description: Policy CSP - EventLogService +description: Learn how to use the Policy CSP - EventLogService settting to control Event Log behavior when the log file reaches its maximum size. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index ff50088666..d9e072c7c3 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Experience -description: Learn the various Experience policy CSP for Cortana, Sync, Spotlight and more. +description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 1e1b072f7d..92829f957e 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - ExploitGuard -description: Policy CSP - ExploitGuard +description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 993073f411..58b2bf5175 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -1,6 +1,6 @@ --- title: Policy CSP - FileExplorer -description: Policy CSP - FileExplorer +description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 63eb04a5c3..f62143e2a6 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Games -description: Policy CSP - Games +description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 8893695276..dea9168e36 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Handwriting -description: Policy CSP - Handwriting +description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel. ms.author: dansimp ms.topic: article ms.prod: w10 
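Review bot: The new description in policy-csp-eventlogservice.md misspells "setting" as "settting" ("Policy CSP - EventLogService settting to control Event Log behavior"). Because this string is the page's metadata description, the typo would show up in search results; change it to "EventLogService setting".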
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index a1b9bb2b78..c63c654abe 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -1,6 +1,6 @@ --- title: Policy CSP - InternetExplorer -description: Policy CSP - InternetExplorer +description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 06023ba3f8..b5331fa661 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Kerberos -description: Policy CSP - Kerberos +description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 5bbe648950..be0176ca9b 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -1,6 +1,6 @@ --- title: Policy CSP - KioskBrowser -description: Policy CSP - KioskBrowser +description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 011b60a5d7..bb03f10884 100644 
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - LanmanWorkstation -description: Policy CSP - LanmanWorkstation +description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest logons to an SMB server. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index c4e988fd6d..bfef6090cc 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Licensing -description: Policy CSP - Licensing +description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 81f3ae2ca6..bc065532ed 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -1,6 +1,6 @@ --- title: Policy CSP - LockDown -description: Policy CSP - LockDown +description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 87ede82676..34c246f134 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - Maps -description: Policy CSP - Maps +description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections. ms.author: dansimp ms.topic: article ms.prod: w10 From 68f899f39a6501cfa5924fd152c75d55aca3a0b7 Mon Sep 17 00:00:00 2001 From: damabe Date: Mon, 17 Aug 2020 21:20:57 -0700 Subject: [PATCH 45/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/policy-csp-mssecurityguide.md | 2 +- windows/client-management/mdm/policy-csp-msslegacy.md | 2 +- windows/client-management/mdm/policy-csp-networkisolation.md | 2 +- windows/client-management/mdm/policy-csp-power.md | 2 +- windows/client-management/mdm/policy-csp-privacy.md | 2 +- windows/client-management/mdm/policy-csp-remoteassistance.md | 2 +- .../client-management/mdm/policy-csp-remotedesktopservices.md | 2 +- windows/client-management/mdm/policy-csp-remotemanagement.md | 2 +- windows/client-management/mdm/policy-csp-remoteprocedurecall.md | 2 +- windows/client-management/mdm/policy-csp-remoteshell.md | 2 +- windows/client-management/mdm/policy-csp-restrictedgroups.md | 2 +- windows/client-management/mdm/policy-csp-search.md | 2 +- windows/client-management/mdm/policy-csp-security.md | 2 +- .../client-management/mdm/policy-csp-servicecontrolmanager.md | 2 +- windows/client-management/mdm/policy-csp-settings.md | 2 +- windows/client-management/mdm/policy-csp-smartscreen.md | 2 +- windows/client-management/mdm/policy-csp-speech.md | 2 +- windows/client-management/mdm/policy-csp-start.md | 2 +- windows/client-management/mdm/policy-csp-storage.md | 2 +- windows/client-management/mdm/policy-csp-systemservices.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 7835ef3d3c..d464f4c063 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md 
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -1,6 +1,6 @@ --- title: Policy CSP - MSSecurityGuide -description: See how this ADMX-backed policy requires a special SyncML format to enable or disable. +description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index ad6734ce70..d4a5030052 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -1,6 +1,6 @@ --- title: Policy CSP - MSSLegacy -description: Policy CSP - MSSLegacy +description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 3f42c5653f..95d9af4a93 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - NetworkIsolation -description: Policy CSP - NetworkIsolation +description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 5da2930e76..d17cdbe1bc 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - Power -description: Learn the ins and outs of various Policy CSP - Power settings, including SyncML, for Windows 10. +description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 9b20cf82c2..ca873b0393 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Privacy -description: Policy CSP - Privacy +description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 39e59b9ba2..340bef38c2 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -1,6 +1,6 @@ --- title: Policy CSP - RemoteAssistance -description: Policy CSP - RemoteAssistance +description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index e4fefcbc62..a33ad83d33 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - RemoteDesktopServices -description: Policy CSP - RemoteDesktopServices +description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 6c88c68b12..fae950baec 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -1,6 +1,6 @@ --- title: Policy CSP - RemoteManagement -description: Policy CSP - RemoteManagement +description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index d6b5c1ab71..493027a454 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -1,6 +1,6 @@ --- title: Policy CSP - RemoteProcedureCall -description: Policy CSP - RemoteProcedureCall +description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they are making contains authentication information. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 534584eca6..ac6201611a 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - RemoteShell -description: Policy CSP - RemoteShell +description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 86a64acdd0..204cf968b0 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -1,6 +1,6 @@ --- title: Policy CSP - RestrictedGroups -description: Policy CSP - RestrictedGroups +description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index e23ac51307..5fe588c782 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Search -description: Policy CSP - Search +description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 81eb2aa84e..7c7feb1aeb 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Security -description: Policy CSP - Security +description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages. ms.author: dansimp ms.topic: article ms.prod: w10 
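Review bot: the new description in policy-csp-msslegacy.md is the policy-csp-mssecurityguide.md sentence with only the name swapped ("..., an ADMX-backed policy, requires a special SyncML format to enable or disable."), so two pages end up with near-identical search snippets and neither says what its policies configure. Since the stated goal of this commit is SEO, give each page a description of its own settings rather than the shared ADMX/SyncML boilerplate.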
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index f1ac63ed5f..762c801e6c 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - ServiceControlManager -description: Policy CSP - ServiceControlManager +description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 6052b904e8..1e16989ede 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Settings -description: Policy CSP - Settings +description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 2c2fceffc1..2cdf136faf 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -1,6 +1,6 @@ --- title: Policy CSP - SmartScreen -description: Policy CSP - SmartScreen +description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index aca2851f58..39cd9db038 100644 --- a/windows/client-management/mdm/policy-csp-speech.md 
+++ b/windows/client-management/mdm/policy-csp-speech.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Speech -description: Policy CSP - Speech +description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 31872e9f67..0b6888322b 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Start -description: Use this policy CSP to control the visibility of the Documents shortcut on the Start menu. +description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 0afd39b6c8..52f43753a2 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Storage -description: Policy CSP - Storage +description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 19836d1ca5..b2e5cbe24a 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - SystemServices -description: Policy CSP - SystemServices +description: Learn how to use the Policy CSP - SystemServices setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). ms.author: dansimp ms.topic: article ms.prod: w10 From dc5c2907b4e00e9bf340a76afec26f533e50b337 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Mon, 17 Aug 2020 21:28:58 -0700 Subject: [PATCH 46/69] Update policy-csp-systemservices.md --- windows/client-management/mdm/policy-csp-systemservices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index b2e5cbe24a..a7f98a6c0c 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -1,6 +1,6 @@ --- title: Policy CSP - SystemServices -description: Learn how to use the Policy CSP - SystemServices setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4). ms.author: dansimp ms.topic: article ms.prod: w10 From 856f2226cbf920aaa9c745c8402573eac1cf8854 Mon Sep 17 00:00:00 2001 
From: damabe Date: Mon, 17 Aug 2020 22:29:17 -0700 Subject: [PATCH 47/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/policy-csp-taskmanager.md | 2 +- windows/client-management/mdm/policy-csp-taskscheduler.md | 2 +- windows/client-management/mdm/policy-csp-textinput.md | 2 +- .../client-management/mdm/policy-csp-timelanguagesettings.md | 2 +- windows/client-management/mdm/policy-csp-troubleshooting.md | 2 +- windows/client-management/mdm/policy-csp-update.md | 2 +- windows/client-management/mdm/policy-csp-userrights.md | 2 +- windows/client-management/mdm/policy-csp-wifi.md | 2 +- .../mdm/policy-csp-windowsconnectionmanager.md | 2 +- .../mdm/policy-csp-windowsdefendersecuritycenter.md | 2 +- windows/client-management/mdm/policy-csp-windowsinkworkspace.md | 2 +- windows/client-management/mdm/policy-csp-windowslogon.md | 2 +- windows/client-management/mdm/policy-csp-windowspowershell.md | 2 +- windows/client-management/mdm/policy-csp-wirelessdisplay.md | 2 +- windows/client-management/mdm/policy-ddf-file.md | 2 +- windows/client-management/mdm/policymanager-csp.md | 2 +- windows/client-management/mdm/proxy-csp.md | 2 +- windows/client-management/mdm/reboot-csp.md | 2 +- windows/client-management/mdm/registry-csp.md | 2 +- windows/client-management/mdm/registry-ddf-file.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 9787467c21..ce84398393 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - TaskManager -description: Policy CSP - TaskManager +description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks. ms.author: dansimp ms.topic: article ms.prod: w10 
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 44a8f08bdd..ab6ec4d46c 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -1,6 +1,6 @@ --- title: Policy CSP - TaskScheduler -description: Policy CSP - TaskScheduler +description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index e1799a0c16..99360d692b 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -1,6 +1,6 @@ --- title: Policy CSP - TextInput -description: Policy CSP - TextInput +description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index d029929145..8ef9349148 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -1,6 +1,6 @@ --- title: Policy CSP - TimeLanguageSettings -description: Learn which TimeLanguageSettings policies are supported for your edition of Windows. +description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 881b9b3a43..c7862d0866 100644 
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Troubleshooting -description: Policy CSP - Troubleshooting +description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index d9187a1854..38e9dd4066 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1,6 +1,6 @@ --- title: Policy CSP - Update -description: Manage a range of active hours for when update reboots are not scheduled. +description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 73f3dfd843..df12efd32b 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1,6 +1,6 @@ --- title: Policy CSP - UserRights -description: Policy CSP - UserRights +description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 770316e0bc..db63da7a5a 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - Wifi -description: Policy CSP - Wifi +description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 4cbed0f5f3..4f89b78bcf 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -1,6 +1,6 @@ --- title: Policy CSP - WindowsConnectionManager -description: Policy CSP - WindowsConnectionManager +description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain based network and a non-domain based network simultaneously. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index d2c74ba941..a4cd3536f0 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -1,6 +1,6 @@ --- title: Policy CSP - WindowsDefenderSecurityCenter -description: Policy CSP - WindowsDefenderSecurityCenter +description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index bc97e2e774..e60269d795 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - WindowsInkWorkspace -description: Policy CSP - WindowsInkWorkspace +description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index d3793a4bb7..c7ccb54106 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -1,6 +1,6 @@ --- title: Policy CSP - WindowsLogon -description: Policy CSP - WindowsLogon +description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index cc4f87b917..b60def1361 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -1,6 +1,6 @@ --- title: Policy CSP - WindowsPowerShell -description: Policy CSP - WindowsPowerShell +description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index eb74f99772..3aff9aac6c 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md 
@@ -1,6 +1,6 @@ --- title: Policy CSP - WirelessDisplay -description: Policy CSP - WirelessDisplay +description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 7a522ee312..27c1aceaf0 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -1,6 +1,6 @@ --- title: Policy DDF file -description: Policy DDF file +description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider. ms.assetid: D90791B5-A772-4AF8-B058-5D566865AF8D ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/policymanager-csp.md b/windows/client-management/mdm/policymanager-csp.md index ad4bb24be7..656e292b4e 100644 --- a/windows/client-management/mdm/policymanager-csp.md +++ b/windows/client-management/mdm/policymanager-csp.md @@ -1,6 +1,6 @@ --- title: PolicyManager CSP -description: PolicyManager CSP +description: Learn how PolicyManager CSP is deprecated. For Windows 10 devices you should use Policy CSP, which replaces PolicyManager CSP. ms.assetid: 048427b1-6024-4660-8660-bd91c583f7f9 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/proxy-csp.md b/windows/client-management/mdm/proxy-csp.md index cced09bc2b..c1d9034fe8 100644 --- a/windows/client-management/mdm/proxy-csp.md +++ b/windows/client-management/mdm/proxy-csp.md @@ -1,6 +1,6 @@ --- title: PROXY CSP -description: PROXY CSP +description: Learn how the PROXY configuration service provider (CSP) is used to configure proxy connections. ms.assetid: 9904d44c-4a1e-4ae7-a6c7-5dba06cb16ce ms.reviewer: manager: dansimp 
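Review bot: the new description in policy-csp-update.md reads as though the whole Update policy area is "used with Update/ActiveHoursStart"; the sentence looks like the text of one individual policy, but that policy is never named. Either name the setting that pairs with ActiveHoursStart, or stay at the level of the removed line ("Manage a range of active hours for when update reboots are not scheduled."), which made the same point more clearly.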
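Review bot: in policymanager-csp.md the "Learn how ..." opener does not fit a deprecation notice ("Learn how PolicyManager CSP is deprecated."). State the fact directly, for example "PolicyManager CSP is deprecated. For Windows 10 devices, use Policy CSP, which replaces PolicyManager CSP."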
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index e7cb92b9c4..d906bca3da 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -1,6 +1,6 @@ --- title: Reboot CSP -description: Reboot CSP +description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings. ms.assetid: 4E3F1225-BBAD-40F5-A1AB-FF221B6BAF48 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 38bd56ba6d..4978cc70e0 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -1,6 +1,6 @@ --- title: Registry CSP -description: Registry CSP +description: In this article, learn how to use the Registry configuration service provider (CSP) to update registry settings. ms.assetid: 2307e3fd-7b61-4f00-94e1-a639571f2c9d ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/registry-ddf-file.md b/windows/client-management/mdm/registry-ddf-file.md index 164f8d4a66..6b6bc9c191 100644 --- a/windows/client-management/mdm/registry-ddf-file.md +++ b/windows/client-management/mdm/registry-ddf-file.md @@ -1,6 +1,6 @@ --- title: Registry DDF file -description: Registry DDF file +description: Learn about the OMA DM device description framework (DDF) for the Registry configuration service provider (CSP). ms.assetid: 29b5cc07-f349-4567-8a77-387d816a9d15 ms.reviewer: manager: dansimp From 0c6b5c9700e4185e6eea5d9236a01f004c11ef32 Mon Sep 17 00:00:00 2001 
From: damabe Date: Mon, 17 Aug 2020 23:16:39 -0700 Subject: [PATCH 48/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/remotelock-ddf-file.md | 2 +- windows/client-management/mdm/remotering-csp.md | 2 +- windows/client-management/mdm/remotewipe-csp.md | 2 +- .../mdm/rest-api-reference-windows-store-for-business.md | 2 +- windows/client-management/mdm/rootcacertificates-csp.md | 2 +- windows/client-management/mdm/rootcacertificates-ddf-file.md | 2 +- windows/client-management/mdm/secureassessment-csp.md | 2 +- windows/client-management/mdm/securitypolicy-csp.md | 2 +- .../client-management/mdm/server-requirements-windows-mdm.md | 2 +- windows/client-management/mdm/sharedpc-ddf-file.md | 2 +- windows/client-management/mdm/storage-csp.md | 2 +- windows/client-management/mdm/storage-ddf-file.md | 2 +- .../mdm/structure-of-oma-dm-provisioning-files.md | 2 +- windows/client-management/mdm/supl-csp.md | 2 +- windows/client-management/mdm/tenantlockdown-ddf.md | 2 +- windows/client-management/mdm/tpmpolicy-csp.md | 2 +- windows/client-management/mdm/tpmpolicy-ddf-file.md | 2 +- windows/client-management/mdm/uefi-ddf.md | 2 +- windows/client-management/mdm/update-csp.md | 2 +- windows/client-management/mdm/update-ddf-file.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md index 2408353c86..d740994fc1 100644 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ b/windows/client-management/mdm/remotelock-ddf-file.md @@ -1,6 +1,6 @@ --- title: RemoteLock DDF file -description: RemoteLock DDF file +description: Learn about the OMA DM device description framework (DDF) for the RemoteLock configuration service provider (CSP). ms.assetid: A301AE26-1BF1-4328-99AB-1ABBA4960797 ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 726df442f0..999d8b629e 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -1,6 +1,6 @@ --- title: RemoteRing CSP -description: RemoteRing CSP +description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device. ms.assetid: 70015243-c07f-46cb-a0f9-4b4ad13a5609 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 3ee8a2cd21..efd8cdac2b 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -1,6 +1,6 @@ --- title: RemoteWipe CSP -description: RemoteWipe CSP +description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device. ms.assetid: 6e89bd37-7680-4940-8a67-11ed062ffb70 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index 1b4f1ec6bc..ad6dd045e3 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md 
@@ -1,6 +1,6 @@ --- title: REST API reference for Microsoft Store for Business -description: REST API reference for Microsoft Store for Business--includes available operations and data structures. +description: Learn how the REST API reference for Microsoft Store for Business includes available operations and data structures. MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 132e196cc0..1c5b7912aa 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -1,6 +1,6 @@ --- title: RootCATrustedCertificates CSP -description: RootCATrustedCertificates CSP +description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates. ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index a80fb75af6..166dfc0d43 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -1,6 +1,6 @@ --- title: RootCATrustedCertificates DDF file -description: RootCATrustedCertificates DDF file +description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP). ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 7d972a5a96..6585261229 100644 --- a/windows/client-management/mdm/secureassessment-csp.md 
+++ b/windows/client-management/mdm/secureassessment-csp.md @@ -1,6 +1,6 @@ --- title: SecureAssessment CSP -description: SecureAssessment CSP +description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser. ms.assetid: 6808BE4B-961E-4638-BF15-FD7841D1C00A ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 9b8b3ce65d..9e203d4d39 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -1,6 +1,6 @@ --- title: SecurityPolicy CSP -description: SecurityPolicy CSP +description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS. ms.assetid: 6014f8fe-f91b-49f3-a357-bdf625545bc9 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md index 50b8b73b30..032469c901 100644 --- a/windows/client-management/mdm/server-requirements-windows-mdm.md +++ b/windows/client-management/mdm/server-requirements-windows-mdm.md @@ -1,6 +1,6 @@ --- title: Server requirements for using OMA DM to manage Windows devices -description: Server requirements for using OMA DM to manage Windows devices +description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM. MS-HAID: - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm' - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm' diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index b9ea9c1767..61e26ea7a0 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md 
@@ -1,6 +1,6 @@ --- title: SharedPC DDF file -description: SharedPC DDF file +description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP). ms.assetid: 70234197-07D4-478E-97BB-F6C651C0B970 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 6ed19c97e1..3cb5d8920c 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -1,6 +1,6 @@ --- title: Storage CSP -description: Storage CSP +description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings. ms.assetid: b19bdb54-53ed-42ce-a5a1-269379013f57 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 9d9be94f93..17340fbf2d 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -1,6 +1,6 @@ --- title: Storage DDF file -description: See how storage configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP). ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 0e0293bca8..2b482383bd 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md 
@@ -1,6 +1,6 @@ --- title: Structure of OMA DM provisioning files -description: Structure of OMA DM provisioning files +description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body. ms.assetid: 7bd3ef57-c76c-459b-b63f-c5a333ddc2bc ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 28d0b9c42e..45e335fdf9 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -1,6 +1,6 @@ --- title: SUPL CSP -description: SUPL CSP +description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client. ms.assetid: afad0120-1126-4fc5-8e7a-64b9f2a5eae1 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index ad901702a5..b064d57b68 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -1,6 +1,6 @@ --- title: TenantLockdown DDF file -description: XML file containing the device description framework for the TenantLockdown configuration service provider. +description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 36f46f9df1..f97ea96a00 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md 
@@ -1,6 +1,6 @@ --- title: TPMPolicy CSP -description: TPMPolicy CSP +description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index fcdb101ad2..fd463047e0 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -1,6 +1,6 @@ --- title: TPMPolicy DDF file -description: TPMPolicy DDF file +description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index 808685d36d..1432ef811a 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -1,6 +1,6 @@ --- title: UEFI DDF file -description: UEFI DDF file +description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index 310b0192c6..183c89df6d 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -1,6 +1,6 @@ --- title: Update CSP -description: Update CSP +description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates. ms.assetid: F1627B57-0749-47F6-A066-677FDD3D7359 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index 731adeeb60..44f580cb4f 100644 
--- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -1,6 +1,6 @@ --- title: Update DDF file -description: Update DDF file +description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP). ms.assetid: E236E468-88F3-402A-BA7A-834ED38DD388 ms.reviewer: manager: dansimp From 829c61f2494d6bf26119c44e7e02a5452ed75cd3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 18 Aug 2020 20:45:45 +0500 Subject: [PATCH 49/69] Update enable-attack-surface-reduction.md --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index a2eb19043d..f1997cb60c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -143,7 +143,7 @@ Example: ## PowerShell > [!WARNING] -> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. +> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow end users to define the value using PowerShell, use "User Defined" option for the rule in the management platform. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**. From 63bdfc2950a4e220a9dbc9a7a3b70107e93d33ee Mon Sep 17 00:00:00 2001 
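Review bot: In windows/client-management/mdm/sharedpc-ddf-file.md (PATCH 48/69), the new description is a sentence fragment: "Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP)." has no verb after "Learn how". Suggest "Learn about the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).", which matches the wording used for the other DDF files in this patch.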
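Review bot: In windows/client-management/mdm/rootcacertificates-ddf-file.md (PATCH 48/69), the new description names the "RootCACertificates configuration service provider", while the title line of the same file and the rootcacertificates-csp.md hunk in this patch both call it RootCATrustedCertificates. Use one name in both descriptions so that the CSP page and its DDF page describe the same provider.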
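Review bot: In windows/client-management/mdm/remotewipe-csp.md (PATCH 48/69), the added description reads "can be used by mobile operators DM server or enterprise management server", which is missing the possessive and the articles. Suggest "can be used by a mobile operator's DM server or an enterprise management server to remotely wipe a device".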
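Review bot: In enable-attack-surface-reduction.md (PATCH 49/69), the sentence appended to the WARNING says "end users" can define the value with PowerShell, but step 1 in the trailing context requires **Run as administrator**, so the person setting the rule locally is a local administrator, not a standard user. Suggest wording such as: To allow the rule to be set locally with PowerShell, use the "User Defined" option for the rule in the management platform. That also supplies the article missing before "User Defined". Consider stating what state the rule is in on devices where nobody sets it locally, since the warning is the only place a reader learns that the management platform stops overwriting it.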
From: damabe Date: Tue, 18 Aug 2020 19:24:06 -0700 Subject: [PATCH 50/69] Update short descriptions for SEO improvement --- windows/client-management/mdm/vpn-csp.md | 2 +- windows/client-management/mdm/vpn-ddf-file.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 2 +- windows/client-management/mdm/w4-application-csp.md | 2 +- windows/client-management/mdm/w7-application-csp.md | 2 +- windows/client-management/mdm/wifi-csp.md | 2 +- windows/client-management/mdm/wifi-ddf-file.md | 2 +- windows/client-management/mdm/win32appinventory-csp.md | 2 +- windows/client-management/mdm/win32appinventory-ddf-file.md | 2 +- .../client-management/mdm/win32compatibilityappraiser-csp.md | 4 ++-- .../mdm/windowsadvancedthreatprotection-csp.md | 2 +- .../mdm/windowsadvancedthreatprotection-ddf.md | 2 +- .../mdm/windowsdefenderapplicationguard-ddf-file.md | 2 +- windows/client-management/mdm/windowslicensing-csp.md | 2 +- windows/client-management/mdm/windowslicensing-ddf-file.md | 2 +- windows/client-management/new-policies-for-windows-10.md | 2 +- windows/client-management/system-failure-recovery-options.md | 2 +- .../troubleshoot-inaccessible-boot-device.md | 2 +- windows/client-management/troubleshoot-networking.md | 2 +- windows/client-management/troubleshoot-stop-errors.md | 2 +- 20 files changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 7b8f154145..60702d4f69 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -1,6 +1,6 @@ --- title: VPN CSP -description: VPN CSP +description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. ms.assetid: 05ca946a-1c0b-4e11-8d7e-854e14740707 ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index b3e8aef28c..889a2f8f25 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -1,6 +1,6 @@ --- title: VPN DDF file -description: VPN DDF file +description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP). ms.assetid: 728FCD9C-0B8E-413B-B54A-CD72C9F2B9EE ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index c7555d45bf..df6b648e6e 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -1,6 +1,6 @@ --- title: VPNv2 CSP -description: VPNv2 CSP +description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index e4c93ad525..51a1739756 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -1,6 +1,6 @@ --- title: w4 APPLICATION CSP -description: w4 APPLICATION CSP +description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS). ms.assetid: ef42b82a-1f04-49e4-8a48-bd4e439fc43a ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index eff35b4fd4..20f21f79bc 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md 
@@ -1,6 +1,6 @@ --- title: w7 APPLICATION CSP -description: w7 APPLICATION CSP +description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. ms.assetid: 10f8aa16-5c89-455d-adcd-d7fb45d4e768 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 70f5a31c7c..174c633ba4 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -1,6 +1,6 @@ --- title: WiFi CSP -description: The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device. +description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device. ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 2c51e50a62..8dff039754 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -1,6 +1,6 @@ --- title: WiFi DDF file -description: WiFi DDF file +description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP). ms.assetid: 00DE1DA7-23DE-4871-B3F0-28EB29A62D61 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index abcbb92914..f6b422ce6d 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md 
@@ -1,6 +1,6 @@ --- title: Win32AppInventory CSP -description: Win32AppInventory CSP +description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device. ms.assetid: C0DEDD51-4EAD-4F8E-AEE2-CBE9658BCA22 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index b22b7284fa..1f20685d75 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -1,6 +1,6 @@ --- title: Win32AppInventory DDF file -description: See the OMA DM device description framework (DDF) for the **Win32AppInventory** configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP). ms.assetid: F6BCC10B-BFE4-40AB-AEEE-34679A4E15B0 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index 2570e65b3d..be248b783d 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -1,6 +1,6 @@ --- -title: Win32CompatibilityAppraiser CSP -description: +title: Win32CompatibilityAppraiser CSP +description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 2508fa2863..c68424cd04 100644 
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -1,6 +1,6 @@ --- title: WindowsAdvancedThreatProtection CSP -description: WindowsAdvancedThreatProtection CSP +description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. ms.assetid: 6C3054CA-9890-4C08-9DB6-FBEEB74699A8 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index 583ea67e75..5877c32e22 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -1,6 +1,6 @@ --- title: WindowsAdvancedThreatProtection DDF file -description: WindowsAdvancedThreatProtection DDF file +description: Learn how the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP). ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index e519d6dcd8..847d9d69c8 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -1,6 +1,6 @@ --- title: WindowsDefenderApplicationGuard DDF file -description: See the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider. +description: learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP). ms.author: dansimp ms.topic: article ms.prod: w10 
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 58a5040b72..b46f76e935 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -1,6 +1,6 @@ --- title: WindowsLicensing CSP -description: WindowsLicensing CSP +description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios. ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index c5037971d9..7b8cb3437e 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -1,6 +1,6 @@ --- title: WindowsLicensing DDF file -description: WindowsLicensing DDF file +description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP). ms.assetid: 2A24C922-A167-4CEE-8F74-08E7453800D2 ms.reviewer: manager: dansimp diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 3462504a92..4693bb6596 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -1,6 +1,6 @@ --- title: New policies for Windows 10 (Windows 10) -description: Windows 10 includes the following new policies for management. +description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components. ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D ms.reviewer: manager: dansimp 
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index d0806c95e1..4f7a2555e1 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -1,6 +1,6 @@ --- title: Configure system failure and recovery options in Windows -description: Learn about the system failure and recovery options in Windows. +description: Learn how to configure the actions that Windows takes when a system error occurs and what the recovery options are. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index 667776a7f8..0bdc744338 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -1,6 +1,6 @@ --- title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device -description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device +description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error may occur after some changes are made to the computer, ms.prod: w10 ms.mktglfcycl: ms.sitesec: library diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md index 57398a2764..7ff85215fe 100644 --- a/windows/client-management/troubleshoot-networking.md +++ b/windows/client-management/troubleshoot-networking.md @@ -2,7 +2,7 @@ title: Advanced troubleshooting for Windows networking ms.reviewer: manager: dansimp -description: Learn how to troubleshoot networking +description: Learn about the topics that are available to help you troubleshoot common problems related to Windows networking. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting 
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 3fe73d34ec..7eabdf0411 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -2,7 +2,7 @@ title: Advanced troubleshooting for Stop error or blue screen error issue ms.reviewer: manager: dansimp -description: Learn how to troubleshoot Stop error or blue screen issues. +description: Learn advanced options for troubleshooting Stop errors, also known as blue screen errors or bug check errors. ms.prod: w10 ms.mktglfcycl: ms.sitesec: library From 278b1d680819c459f1fe0a843d5ae9f0bfcdc1cf Mon Sep 17 00:00:00 2001 
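Review bot: In windows/client-management/mdm/win32compatibilityappraiser-csp.md (PATCH 50/69), the new description misspells "telemetry" as "telementry" in "Appraiser and UTC telementry health". It also omits the "(CSP)" abbreviation that the other descriptions in this patch add after "configuration service provider". The -title/+title pair looks identical apart from whitespace; if that is not an intentional trailing-space cleanup, drop it from the hunk.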
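Review bot: In windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md (PATCH 50/69), the new description is a fragment: "Learn how the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP)." never says what is to be learned. Suggest "Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).", as used for the WiFi and WindowsLicensing DDF files in this patch.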
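Review bot: In windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md (PATCH 50/69), the new description starts with a lowercase "learn" and carries over "WindowsDefenderApplicationGuard DDF file configuration service provider (CSP)" from the old text, which makes "DDF file" part of the provider name. Suggest "Learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider (CSP)."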
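Review bot: In windows/client-management/troubleshoot-inaccessible-boot-device.md (PATCH 50/69), the added description ends in a comma: "This error may occur after some changes are made to the computer,". The sentence looks cut off. Either finish the clause or end it with a period after "computer" so the metadata does not publish a dangling comma.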
From: damabe Date: Tue, 18 Aug 2020 21:33:05 -0700 Subject: [PATCH 51/69] Update short descriptions for SEO improvement --- windows/client-management/troubleshoot-tcpip-connectivity.md | 2 +- windows/client-management/troubleshoot-tcpip-port-exhaust.md | 2 +- windows/client-management/troubleshoot-tcpip-rpc-errors.md | 2 +- windows/client-management/troubleshoot-tcpip.md | 2 +- windows/client-management/troubleshoot-windows-freeze.md | 2 +- windows/client-management/troubleshoot-windows-startup.md | 2 +- windows/client-management/windows-10-support-solutions.md | 2 +- .../configuration/change-history-for-configure-windows-10.md | 2 +- .../configuration/changes-to-start-policies-in-windows-10.md | 2 +- windows/configuration/configure-windows-10-taskbar.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-feedback.md | 2 +- windows/configuration/kiosk-methods.md | 2 +- windows/configuration/kiosk-prepare.md | 2 +- windows/configuration/kiosk-troubleshoot.md | 2 +- windows/configuration/kiosk-validate.md | 2 +- .../provisioning-packages/provision-pcs-with-apps.md | 2 +- .../provisioning-packages/provisioning-install-icd.md | 2 +- windows/configuration/start-layout-troubleshoot.md | 2 +- .../uev-administering-uev-with-windows-powershell-and-wmi.md | 2 +- windows/configuration/ue-v/uev-administering-uev.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md index fe6e32ce59..0d4f00510a 100644 --- a/windows/client-management/troubleshoot-tcpip-connectivity.md +++ b/windows/client-management/troubleshoot-tcpip-connectivity.md 
@@ -1,6 +1,6 @@ --- title: Troubleshoot TCP/IP connectivity -description: Learn how to troubleshoot TCP/IP connectivity. +description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index a33d808d2f..40c0ff98c2 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -1,6 +1,6 @@ --- title: Troubleshoot port exhaustion issues -description: Learn how to troubleshoot port exhaustion issues. +description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index 7fd5ff086f..37b4dfa002 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -1,6 +1,6 @@ --- title: Troubleshoot Remote Procedure Call (RPC) errors -description: Learn how to troubleshoot Remote Procedure Call (RPC) errors +description: Learn how to troubleshoot Remote Procedure Call (RPC) errors when connecting to Windows Management Instrumentation (WMI), SQL Server, or during a remote connection. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md index 378c042899..48a95cd4e0 100644 --- a/windows/client-management/troubleshoot-tcpip.md +++ b/windows/client-management/troubleshoot-tcpip.md 
@@ -1,6 +1,6 @@ --- title: Advanced troubleshooting for TCP/IP issues -description: Learn how to troubleshoot common problems in a TCP/IP network environment. +description: Learn how to troubleshoot common problems in a TCP/IP network environment, for example by collecting data using Network monitor. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 3a584ddb8f..25b1845ca7 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -2,7 +2,7 @@ title: Advanced troubleshooting for Windows-based computer freeze issues ms.reviewer: manager: dansimp -description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. +description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. Also learn how to diagnose, identify, and fix these issues. ms.prod: w10 ms.mktglfcycl: ms.sitesec: library diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md index 0e39db4b3f..bd9f09bfd0 100644 --- a/windows/client-management/troubleshoot-windows-startup.md +++ b/windows/client-management/troubleshoot-windows-startup.md @@ -1,6 +1,6 @@ --- title: Advanced troubleshooting for Windows start-up issues -description: Learn how to troubleshoot Windows start-up issues. +description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes. ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md index 8c30018235..671e14612b 100644 --- a/windows/client-management/windows-10-support-solutions.md 
+++ b/windows/client-management/windows-10-support-solutions.md @@ -1,6 +1,6 @@ --- title: Troubleshooting Windows 10 -description: Get links to troubleshooting articles for Windows 10 issues +description: Learn where to find information about troubleshooting Windows 10 issues, for example Bitlocker issues and bugcheck errors. ms.reviewer: kaushika manager: dansimp ms.prod: w10 diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 700b2a16cc..875beb0290 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -2,7 +2,7 @@ title: Change history for Configure Windows 10 (Windows 10) ms.reviewer: manager: dansimp -description: View changes to documentation for configuring Windows 10. +description: Learn about new and updated topics in the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile. keywords: ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 0a333370c9..fe5186f6cf 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -1,6 +1,6 @@ --- title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10) -description: Windows 10 has a brand new Start experience. +description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience. ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F ms.reviewer: manager: dansimp diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index 037e389943..1e6ec5db4b 100644 --- a/windows/configuration/configure-windows-10-taskbar.md 
+++ b/windows/configuration/configure-windows-10-taskbar.md @@ -1,6 +1,6 @@ --- title: Configure Windows 10 taskbar (Windows 10) -description: Admins can pin apps to users' taskbars. +description: Administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. keywords: ["taskbar layout","pin apps"] ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md index 9b2fcfb9c3..d89ff3d90b 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md @@ -1,6 +1,6 @@ --- title: Send feedback about Cortana at work back to Microsoft -description: How to send feedback to Microsoft about Cortana at work. +description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index c319385e70..0ff39ff4c9 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -3,7 +3,7 @@ title: Configure kiosks and digital signs on Windows desktop editions (Windows 1 ms.reviewer: manager: dansimp ms.author: dansimp -description: Learn about the methods for configuring kiosks. +description: In this article, learn about the methods for configuring kiosks and digital signs on Windows desktop editions. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index f4825a951e..f7be8e35d2 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md 
@@ -1,6 +1,6 @@ --- title: Prepare a device for kiosk configuration (Windows 10) -description: Some tips for device settings on kiosks. +description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index 6a42e81700..479b7ca96e 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -1,6 +1,6 @@ --- title: Troubleshoot kiosk mode issues (Windows 10) -description: Tips for troubleshooting multi-app kiosk configuration. +description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index 34b8124fa2..02e0fbc422 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -1,6 +1,6 @@ --- title: Validate kiosk configuration (Windows 10) -description: Learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education. +description: In this article, learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 3de98a5454..f82225a7fe 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md 
@@ -1,6 +1,6 @@ --- title: Provision PCs with apps (Windows 10) -description: Add apps to a Windows 10 provisioning package. +description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index f1bf1aa323..6fc7d6234f 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -1,6 +1,6 @@ --- title: Install Windows Configuration Designer (Windows 10) -description: Learn how to install and run Windows Configuration Designer. +description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index beff0509a7..332a588cd8 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -1,6 +1,6 @@ --- title: Troubleshoot Start menu errors -description: Troubleshoot common errors related to Start menu in Windows 10. +description: Learn how to troubleshoot common Start menu errors in Windows 10. For example learn to troubleshoot errors related to deployment, crashes, and performance. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md index e6a50b2114..110c062f57 100644 --- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md 
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md @@ -1,6 +1,6 @@ --- title: Administering UE-V with Windows PowerShell and WMI -description: Administering UE-V with Windows PowerShell and WMI +description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index 16154765ea..1b5004453a 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md @@ -1,6 +1,6 @@ --- title: Administering UE-V -description: Administering UE-V +description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings. author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy From 990a4e75f7825dda67c50a4f95476a00962d1038 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Tue, 18 Aug 2020 21:45:11 -0700 Subject: [PATCH 52/69] Update start-layout-troubleshoot.md --- windows/configuration/start-layout-troubleshoot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 332a588cd8..37c8bc44ec 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md 
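Review bot: The added `description:` line in windows/configuration/cortana-at-work/cortana-at-work-feedback.md ends with a doubled period ("help diagnose reported issues.."). Drop the extra period so the metadata string ends cleanly wherever it is surfaced.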
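Review bot: The added `description:` line in windows/client-management/windows-10-support-solutions.md spells the feature "Bitlocker"; the product name is BitLocker. Suggest "for example, BitLocker issues and bugcheck errors", which also adds the comma after "for example" that a later patch in this series applies to start-layout-troubleshoot.md.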
@@ -1,6 +1,6 @@ --- title: Troubleshoot Start menu errors -description: Learn how to troubleshoot common Start menu errors in Windows 10. For example learn to troubleshoot errors related to deployment, crashes, and performance. +description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From f384deb95b7dfc16151c309c7bee2f5a96d073d6 Mon Sep 17 00:00:00 2001 From: Dan Mabee Date: Tue, 18 Aug 2020 21:46:08 -0700 Subject: [PATCH 53/69] Update troubleshoot-windows-freeze.md --- windows/client-management/troubleshoot-windows-freeze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 25b1845ca7..b50e43abae 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -2,7 +2,7 @@ title: Advanced troubleshooting for Windows-based computer freeze issues ms.reviewer: manager: dansimp -description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. Also learn how to diagnose, identify, and fix these issues. +description: Learn how to troubleshoot computer freeze issues on Windows-based computers and servers. Also, you can learn how to diagnose, identify, and fix these issues. ms.prod: w10 ms.mktglfcycl: ms.sitesec: library From 6129c66bd1ed649c8df7162b98ce70d63e4f18fb Mon Sep 17 00:00:00 2001 
From: damabe Date: Tue, 18 Aug 2020 23:05:15 -0700 Subject: [PATCH 54/69] Update short descriptions for SEO improvement --- .../ue-v/uev-application-template-schema-reference.md | 2 +- .../ue-v/uev-changing-the-frequency-of-scheduled-tasks.md | 2 +- .../ue-v/uev-configuring-uev-with-group-policy-objects.md | 2 +- ...-configuring-uev-with-system-center-configuration-manager.md | 2 +- windows/configuration/ue-v/uev-deploy-required-features.md | 2 +- .../ue-v/uev-deploy-uev-for-custom-applications.md | 2 +- windows/configuration/ue-v/uev-getting-started.md | 2 +- .../ue-v/uev-manage-administrative-backup-and-restore.md | 2 +- windows/configuration/ue-v/uev-manage-configurations.md | 2 +- windows/configuration/ue-v/uev-migrating-settings-packages.md | 2 +- windows/configuration/ue-v/uev-prepare-for-deployment.md | 2 +- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- windows/configuration/ue-v/uev-security-considerations.md | 2 +- windows/configuration/ue-v/uev-sync-methods.md | 2 +- windows/configuration/ue-v/uev-sync-trigger-events.md | 2 +- .../ue-v/uev-synchronizing-microsoft-office-with-uev.md | 2 +- windows/configuration/ue-v/uev-technical-reference.md | 2 +- windows/configuration/ue-v/uev-troubleshooting.md | 2 +- windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md | 2 +- windows/deployment/deploy.md | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index f9fb4b255a..6ca0f295e0 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md 
@@ -1,6 +1,6 @@ --- title: Application Template Schema Reference for UE-V -description: Application Template Schema Reference for UE-V +description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files. author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 63eb702d7d..508ec913ff 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -1,6 +1,6 @@ --- title: Changing the Frequency of UE-V Scheduled Tasks -description: Changing the Frequency of UE-V Scheduled Tasks +description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks. author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index fbaeb69dbf..169e31075f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -1,6 +1,6 @@ --- title: Configuring UE-V with Group Policy Objects -description: Configuring UE-V with Group Policy Objects +description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects. author: trudyha ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index f7f8d70fcd..f4ea6d2a5f 100644 
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Configuring UE-V with Microsoft Endpoint Configuration Manager -description: Configuring UE-V with Microsoft Endpoint Configuration Manager +description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index b8b4cb2155..04cf9543e9 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -1,6 +1,6 @@ --- title: Deploy required UE-V features -description: Deploy required UE-V features +description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example a network share that stores and retrieves user settings. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index 918e018c48..8e69dc7cf3 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md @@ -1,6 +1,6 @@ --- title: Use UE-V with custom applications -description: Use UE-V with custom applications +description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy 
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md index d67437503a..28a035aedc 100644 --- a/windows/configuration/ue-v/uev-getting-started.md +++ b/windows/configuration/ue-v/uev-getting-started.md @@ -1,6 +1,6 @@ --- title: Get Started with UE-V -description: Get Started with UE-V +description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index 9b68ba56df..375f826703 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -1,6 +1,6 @@ --- title: Manage Administrative Backup and Restore in UE-V -description: Manage Administrative Backup and Restore in UE-V +description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 71d5841793..7189998439 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -1,6 +1,6 @@ --- title: Manage Configurations for UE-V -description: Manage Configurations for UE-V +description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy 
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md index 4ed5adc8a9..f9658f41a1 100644 --- a/windows/configuration/ue-v/uev-migrating-settings-packages.md +++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md @@ -1,6 +1,6 @@ --- title: Migrating UE-V settings packages -description: Migrating UE-V settings packages +description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index c56e5b4661..e10d20444a 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -1,6 +1,6 @@ --- title: Prepare a UE-V Deployment -description: Prepare a UE-V Deployment +description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index d61075e1bd..663afd38eb 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md 
@@ -1,6 +1,6 @@ --- title: User Experience Virtualization (UE-V) Release Notes -description: Read the latest information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. +description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index a036b1fb3a..c45565ed5f 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md @@ -1,6 +1,6 @@ --- title: Security Considerations for UE-V -description: Security Considerations for UE-V +description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index ebe670eed2..02d1e1d9af 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md @@ -1,6 +1,6 @@ --- title: Sync Methods for UE-V -description: Sync Methods for UE-V +description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md index 3dc4b9727d..0db2a582f4 100644 --- a/windows/configuration/ue-v/uev-sync-trigger-events.md +++ b/windows/configuration/ue-v/uev-sync-trigger-events.md 
@@ -1,6 +1,6 @@ --- title: Sync Trigger Events for UE-V -description: Sync Trigger Events for UE-V +description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index 3bf783b488..32ed4968bb 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md @@ -1,6 +1,6 @@ --- title: Synchronizing Microsoft Office with UE-V -description: Synchronizing Office with UE-V +description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index 5edddf9109..8f0feaabbc 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md @@ -1,6 +1,6 @@ --- title: Technical Reference for UE-V -description: Technical Reference for UE-V +description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V). author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index 9683bd771d..7e51868298 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md 
@@ -1,6 +1,6 @@ --- title: Troubleshooting UE-V -description: Find resources for troubleshooting UE-V for Windows 10. +description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index c17b9cedb8..09d5d2ace3 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -1,6 +1,6 @@ --- title: What's New in UE-V for Windows 10, version 1607 -description: What's New in UE-V for Windows 10, version 1607 +description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities. author: dansimp ms.pagetype: mdop, virtualization ms.mktglfcycl: deploy diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index f665e396be..5afc9307e1 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -1,6 +1,6 @@ --- title: Deploy Windows 10 (Windows 10) -description: Learn Windows 10 upgrade options for planning, testing, and managing your production deployment. +description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C ms.reviewer: manager: laurawi From a365ec24420bf04668eb1ccd413e8b2f9584a3ef Mon Sep 17 00:00:00 2001 
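Review bot: The added description in windows/configuration/ue-v/uev-sync-methods.md uses a typographic apostrophe ("users’ application and Windows settings") inside the YAML front matter, while the other descriptions in this series use the plain ASCII apostrophe (for example "what's new" in uev-whats-new-in-uev-for-windows.md). Use a straight apostrophe, or reword to "application and Windows settings for users", so the metadata stays consistent across files.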
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 19 Aug 2020 19:13:15 +0500 Subject: [PATCH 55/69] Update windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index f1997cb60c..a9f51e70aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -143,7 +143,7 @@ Example: ## PowerShell > [!WARNING] -> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow end users to define the value using PowerShell, use "User Defined" option for the rule in the management platform. +> If you manage your computers and devices with Intune, Configuration Manager, or another enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. To allow users to define the value using PowerShell, use the "User Defined" option for the rule in the management platform. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**. @@ -198,4 +198,3 @@ Example: - [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) - [Attack surface reduction FAQ](attack-surface-reduction.md) - From f43ac10d8f0c30a43a6d76b85ae1828c329ef08f Mon Sep 17 00:00:00 2001 
From: Tina Burden Date: Wed, 19 Aug 2020 08:19:12 -0700 Subject: [PATCH 56/69] pencil edit --- windows/application-management/manage-windows-mixed-reality.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index ec589a2391..5a0366f643 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -3,7 +3,6 @@ title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10) description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises. ms.reviewer: manager: dansimp -description: Learn how to enable or block Windows Mixed Reality apps. keyboards: ["mr", "mr portal", "mixed reality portal", "mixed reality"] ms.prod: w10 ms.mktglfcycl: manage From 0820f6e01fb3960b91a48de18f8775cdf11e933c Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Thu, 20 Aug 2020 17:03:05 +0300 Subject: [PATCH 57/69] Update configure-endpoints-vdi.md Minor modification to ensure customers don't miss the step. I've seen cases where customers did not copy the CMD file and only pasted in the PS1 file and this caused onboarding to fail. --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 32e7e448f6..771c2b866b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
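Review bot: The context line beginning `keyboards:` in windows/application-management/manage-windows-mixed-reality.md looks like a misspelling of the `keywords:` key that other front matter in this series uses (for example configure-windows-10-taskbar.md). Since this hunk is already removing the duplicate `description:` key from the same block, rename it here as well; if the build reads only `keywords:`, the list is currently not applied.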
@@ -63,7 +63,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Click **Download package** and save the .zip file. -2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. +2. Copy all the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. From a5cbd9f97a20c25200ea1ea4f4a1077e5313fb3a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 20 Aug 2020 10:37:15 -0700 Subject: [PATCH 58/69] network section added --- windows/whats-new/whats-new-windows-10-version-2004.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 8518f5c4af..c9092135cd 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md 
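Review bot: The single added word "all" in step 2 of configure-endpoints-vdi.md is easy to read past, and the step still does not say which files the package contains. The commit message describes customers copying only the PS1 file, so name each file expected in the `WindowsDefenderATPOnboardingPackage` folder and state that onboarding fails without the .cmd file. The added line also reads "into `golden/master` image"; "into the `golden/master` image" is the grammatical form.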
@@ -124,6 +124,12 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym - Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds. - Update less: Last year, we [changed update installation policies](https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency/#l2jH7KMkOkfcWdBs.97) for Windows 10 to only target devices running a feature update version that is nearing end of service. As a result, many devices are only updating once a year. To enable all devices to make the most of this policy change, and to prevent confusion, we have removed deferrals from the Windows Update settings **Advanced Options** page starting on Windows 10, version 2004. If you wish to continue leveraging deferrals, you can use local Group Policy (**Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview builds and Feature Updates are received** or **Select when Quality Updates are received**). For more information about this change, see [Simplified Windows Update settings for end users](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-windows-update-settings-for-end-users/ba-p/1497215). +## Networking + +Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. 
+ +In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea). + ## Virtualization ### Windows Sandbox From 1ca3ea1af7d85603d83849beb924db7ce12701fc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 20 Aug 2020 11:28:24 -0700 Subject: [PATCH 59/69] split section --- windows/whats-new/whats-new-windows-10-version-2004.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index c9092135cd..8c86914b6b 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -126,8 +126,12 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym ## Networking +### Wi-Fi 6 and WPA3 + Windows now supports the latest Wi-Fi standards with [Wi-Fi 6 and WPA3](https://support.microsoft.com/help/4562575/windows-10-faster-more-secure-wifi). Wi-Fi 6 gives you better wireless coverage and performance with added security. WPA3 provides improved Wi-Fi security and secures open networks. +### TEAP + In this release, Tunnel Extensible Authentication Protocol (TEAP) has been added as an authentication method to allow chaining together multiple credentials into a single EAP transaction. TEAP networks can be configured by [enterprise policy](https://docs.microsoft.com/openspecs/windows_protocols/ms-gpwl/94cf6896-c28e-4865-b12a-d83ee38cd3ea). ## Virtualization From fc73a7071c352009a923751d0b10859de9434dec Mon Sep 17 00:00:00 2001 
From: Tudor Dobrila Date: Thu, 20 Aug 2020 12:17:28 -0700 Subject: [PATCH 60/69] Relese notes for 101.05.17 --- .../microsoft-defender-atp/mac-whatsnew.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 4b48c8771f..a76ef78405 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -38,6 +38,16 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.05.17 + +> [!IMPORTANT] +> We are working on a new and enhanced syntax for the `mdatp` command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to famliliarize yourself with this new syntax. +> +> We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months. + +- Addressed a kernel panic that occurred sometimes when accessing SMB file shares +- Performance improvements & bug fixes + ## 101.05.16 - Improvements to quick scan logic to significantly reduce the number of scanned files From a31f68d0b47e11fec69b5d6d8c949d8000405867 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:07:00 -0700 Subject: [PATCH 61/69] Applied note style and Acrolinx spelling: "estrict" --- .../restrict-access-to-only-trusted-devices.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 56b9898e53..3a0dc80f39 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -1,6 +1,6 @@ --- title: Restrict access to only trusted devices (Windows 10) -description: estrict access to only trusted devices +description: Restrict access to only trusted devices ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b ms.reviewer: ms.author: dansimp 
@@ -27,7 +27,8 @@ Your organizational network likely has a connection to the Internet. You also li To mitigate this risk, you must be able to isolate the devices you trust, and restrict their ability to receive unsolicited network traffic from untrusted devices. By using connection security and firewall rules available in Windows Defender Firewall with Advanced Security, you can logically isolate the devices that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each device or user can positively identify itself by using credentials that are trusted by the other device. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method. ->**Note:**  Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain. +> [!NOTE] +> Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain. The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. 
From cb4df1b00e3a7d0e15de0031a326644ff8d6e18b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:20:36 -0700 Subject: [PATCH 62/69] Acrolinx spelling, punctuation, some grammar fixes --- .../troubleshooting-uwp-firewall.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 1ea6cce448..6071427eda 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -27,7 +27,7 @@ UWP app network connectivity issues are typically caused by: 1. The UWP app was not permitted to receive loopback traffic. This must be configured. By default, UWP apps are not allowed to receive loopback traffic. 2. The UWP app is missing the proper capability tokens. -3. The private range is configured incorrectly. For example, the private ranges is set incorrectly through GP/MDM policies, etc. +3. The private range is configured incorrectly. For example, the private range is set incorrectly through GP/MDM policies, etc. To understand these causes more thoroughly, there are several concepts to review. 
@@ -51,24 +51,24 @@ traces collected on previous releases of Windows. ## Debugging UWP App Loopback scenarios -If you need to establis a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. +If you need to establish a TCP/IP connection between two processes on the same host where one of them is a UWP app, you must enable loopback. To enable loopback for client outbound connections, run the following at a command prompt: -```dos +```console CheckNetIsolation.exe LoopbackExempt -a -n= ``` To enable loopback for server inbound connections, run the following at a command prompt: -```dos +```console CheckNetIsolation.exe LoopbackExempt -is -n= ``` You can ensure loopback is enabled by checking the appx manifests of both the sender and receiver. For more information about loopback scenarios, see [Communicating with localhost -(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback) +(loopback)](https://docs.microsoft.com/windows/iot-core/develop-your-app/loopback). ## Debugging Live Drops @@ -76,7 +76,7 @@ If the issue happened recently, but you find you are not able to reproduce the i If you can consistently reproduce the issue, then you can run the following in an admin command prompt to gather a fresh trace: -```DOS +```console Netsh wfp capture start keywords=19 Netsh wfp capture stop 
@@ -760,7 +760,7 @@ PrivateNetwork Outbound Default Rule filter. The following PrivateNetwork Outbound Default Rule filters have conditions for matching Intranet IP addresses. Since the expected Intranet target address, 10.1.1.1, is not included in these filters it becomes clear that the address is not in the private range. Check the policies that configure the private range -on the device (MDM, Group Policy, etc) and make sure it includes the private targetaddress you wanted to reach. +on the device (MDM, Group Policy, etc.) and make sure it includes the private target address you wanted to reach. **PrivateNetwork Outbound Default Rule Filters, Wfpdiag-Case-5.xml** ```xml From 6288eb39f606acbabfe89303dfd0d8f04aa08105 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:24:16 -0700 Subject: [PATCH 63/69] Applied note style --- ...implementing-a-certificate-based-isolation-policy-design.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 573b76aa96..ec38163418 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md 
@@ -25,7 +25,8 @@ ms.date: 08/17/2017 This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design. ->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist +> [!NOTE] +> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist **Checklist: Implementing certificate-based authentication** From 8032365eb3e8c71afe42efeee8ba64ee24e5ca79 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:25:29 -0700 Subject: [PATCH 64/69] Applied note style --- .../checklist-implementing-a-domain-isolation-policy-design.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index d946ecab9e..be895718b3 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md 
@@ -25,7 +25,8 @@ ms.date: 08/17/2017 This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. ->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. +> [!NOTE] +> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more info, see [Windows Defender Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md). From b30d1223362cfbc94b3205252985ff69239a782e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:26:38 -0700 Subject: [PATCH 65/69] Applied note style --- ...implementing-a-standalone-server-isolation-policy-design.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 2ed1fd1e5e..0435b698be 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md 
@@ -27,7 +27,8 @@ This checklist contains procedures for creating a server isolation policy design This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. ->**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. +> [!NOTE] +> Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. **Checklist: Implementing a standalone server isolation policy design** From a17a245dad3c529ef3197fb16ec62052cf8cbbb6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:27:33 -0700 Subject: [PATCH 66/69] Applied "Important" note style --- .../windows-firewall/domain-isolation-policy-design.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index b618fe6d2d..df754926bf 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md 
@@ -50,8 +50,8 @@ Characteristics of this design, as shown in the diagram, include the following: - Untrusted non-domain members (area D) - Devices that are not managed by your organization and have an unknown security configuration must have access only to those devices required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted Devices and your organization's devices. After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the devices in your organization. - ->**Important:**  This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented. +> [!IMPORTANT] +> This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented. This design can be applied to Devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. From 3f22784ad8528578b7357af0da648fa55f76497b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:28:55 -0700 Subject: [PATCH 67/69] Applied "Important" note style --- ...als-to-a-windows-firewall-with-advanced-security-design.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 6f6cd2d1a1..314389955f 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md 
@@ -24,8 +24,8 @@ ms.date: 04/19/2017 - Windows Server 2016 After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. - ->**Important:**  The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. +> [!IMPORTANT] +> The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security implementation goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security implementation goals to meet the needs of your organization. From 29d2a49f6fe398ec2bf587cabfe3b2a59a90722f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 20 Aug 2020 14:30:11 -0700 Subject: [PATCH 68/69] Applied "Important" note style --- .../windows-firewall/server-isolation-policy-design.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 23a6808219..7d2631e576 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -43,7 +43,8 @@ Characteristics of this design include the following: To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules. ->**Important:**  This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented. +> [!IMPORTANT] +> This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented. This design can be applied to devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. From c33a891b0ad07fba35fd473ac75ea19a7619f795 Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Thu, 20 Aug 2020 14:31:34 -0700 Subject: [PATCH 69/69] Applied "Caution" note style --- ...indows-firewall-with-advanced-security-deployment-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index dbfd48ddf6..a600f54944 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md 
@@ -46,8 +46,8 @@ After you select your design and gather the required information about the zones - [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) Use the checklists in [Implementing Your Windows Defender Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design. - ->**Caution:**  We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies. +> [!CAUTION] +> We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies. In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or device accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded.
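Review bot: In the hunk at -46,8 of windows-firewall-with-advanced-security-deployment-guide.md (PATCH 69/69), the blank line that separated the "Use the checklists in ..." paragraph from the alert is deleted together with the old `>**Caution:**` line, so `> [!CAUTION]` now sits directly under that paragraph. The other note-style patches in this series (61, 63, 64, 65 and 68) keep the blank line as context; keep it here as well so the alert starts its own block and the series stays consistent. The hunks in PATCH 66/69 (domain-isolation-policy-design.md) and PATCH 67/69 (mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) drop the blank line in the same way.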
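Review bot: PATCH 60/69, mac-whatsnew.md, hunk at -38,6: the added `[!IMPORTANT]` text misspells "familiarize" as "famliliarize" ("We encourage you to famliliarize yourself with this new syntax"), and the subject line has a matching slip, "Relese notes". Fix both before merge. The alert also states that the new `mdatp` syntax is already the default in the Insider Fast and Insider Slow channels but gives no link to where that syntax is documented; a link would help anyone who has scripts built on the old syntax.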
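Review bot: PATCH 63/69, checklist-implementing-a-certificate-based-isolation-policy-design.md, hunk at -25,7: the added `> Complete the tasks in this checklist in order. ...` line ends at "remaining tasks in this checklist" with no period, carried over from the removed `>**Note:**` line. The identical sentence in PATCH 64/69 and PATCH 65/69 ends with a period; add it here while the line is being touched.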
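Review bot: PATCH 58/69, whats-new-windows-10-version-2004.md, hunk at -124,6: in the added TEAP paragraph the link text "enterprise policy" hides that the target is a protocol specification (the URL is under openspecs/windows_protocols/ms-gpwl). Name the target in the link text so readers know what they will land on. In the Wi-Fi paragraph, "with added security" does not say what Wi-Fi 6 adds beyond the WPA3 support named in the next sentence; state what it is or drop the phrase.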