Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

windows/client-management/mdm/activesync-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the ActiveSync CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -129,6 +129,7 @@ When managing over OMA DM, make sure to always use a unique GUID. Provisioning w
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
+| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` |
 <!-- User-Accounts-{Account GUID}-DFProperties-End -->

windows/client-management/mdm/activesync-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -100,6 +100,7 @@ The following XML file contains the device description framework (DDF) for the A
           <MSFT:AllowedValues ValueType="RegEx">
             <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
           </MSFT:AllowedValues>
+          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>EmailAddress</NodeName>

windows/client-management/mdm/defender-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,6 +30,7 @@ The following list shows the Defender configuration service provider nodes:
     - [AllowDatagramProcessingOnWinServer](#configurationallowdatagramprocessingonwinserver)
     - [AllowNetworkProtectionDownLevel](#configurationallownetworkprotectiondownlevel)
     - [AllowNetworkProtectionOnWinServer](#configurationallownetworkprotectiononwinserver)
+    - [AllowSwitchToAsyncInspection](#configurationallowswitchtoasyncinspection)
     - [ASROnlyPerRuleExclusions](#configurationasronlyperruleexclusions)
     - [DataDuplicationDirectory](#configurationdataduplicationdirectory)
     - [DataDuplicationLocalRetentionPeriod](#configurationdataduplicationlocalretentionperiod)
@@ -44,6 +45,7 @@ The following list shows the Defender configuration service provider nodes:
           - [RuleData](#configurationdevicecontrolpolicyrulesruleidruledata)
     - [DeviceControlEnabled](#configurationdevicecontrolenabled)
     - [DisableCpuThrottleOnIdleScans](#configurationdisablecputhrottleonidlescans)
+    - [DisableDatagramProcessing](#configurationdisabledatagramprocessing)
     - [DisableDnsOverTcpParsing](#configurationdisablednsovertcpparsing)
     - [DisableDnsParsing](#configurationdisablednsparsing)
     - [DisableFtpParsing](#configurationdisableftpparsing)
@@ -298,6 +300,55 @@ This settings controls whether Network Protection is allowed to be configured in
 
 <!-- Device-Configuration-AllowNetworkProtectionOnWinServer-End -->
 
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Begin -->
+### Configuration/AllowSwitchToAsyncInspection
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Applicability-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/AllowSwitchToAsyncInspection
+```
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-OmaUri-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Description-Begin -->
+<!-- Description-Source-DDF -->
+Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection.
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Description-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Editable-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-DFProperties-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Allow switching to asynchronous inspection. |
+| 0 (Default) | Don’t allow asynchronous inspection. |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-AllowedValues-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Examples-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-End -->
+
 <!-- Device-Configuration-ASROnlyPerRuleExclusions-Begin -->
 ### Configuration/ASROnlyPerRuleExclusions
 
@@ -871,6 +922,55 @@ Indicates whether the CPU will be throttled for scheduled scans while the device
 
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-End -->
 
+<!-- Device-Configuration-DisableDatagramProcessing-Begin -->
+### Configuration/DisableDatagramProcessing
+
+<!-- Device-Configuration-DisableDatagramProcessing-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-DisableDatagramProcessing-Applicability-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DisableDatagramProcessing
+```
+<!-- Device-Configuration-DisableDatagramProcessing-OmaUri-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Description-Begin -->
+<!-- Description-Source-DDF -->
+Control whether network protection inspects User Datagram Protocol (UDP) traffic.
+<!-- Device-Configuration-DisableDatagramProcessing-Description-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableDatagramProcessing-Editable-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-DisableDatagramProcessing-DFProperties-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | UDP inspection is off. |
+| 0 (Default) | UDP inspection is on. |
+<!-- Device-Configuration-DisableDatagramProcessing-AllowedValues-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableDatagramProcessing-Examples-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-End -->
+
 <!-- Device-Configuration-DisableDnsOverTcpParsing-Begin -->
 ### Configuration/DisableDnsOverTcpParsing
 

windows/client-management/mdm/defender-ddf.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1803,6 +1803,45 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DisableDatagramProcessing</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>Control whether network protection inspects User Datagram Protocol (UDP) traffic</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>UDP inspection is off</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>UDP inspection is on</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>DisableNetworkProtectionPerfTelemetry</NodeName>
         <DFProperties>
@@ -2355,6 +2394,45 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>AllowSwitchToAsyncInspection</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Allow switching to asynchronous inspection</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Don’t allow asynchronous inspection</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>RandomizeScheduleTaskTimes</NodeName>
         <DFProperties>

windows/client-management/mdm/policy-csp-admx-windowsexplorer.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -105,7 +105,7 @@ This setting allows an administrator to revert specific Windows Shell behavior t
 
 - If you enable this setting, users can't configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users can't restore the new features.
 
-Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users' ability to change these options.
+Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options.
 
 - If you disable or not configure this policy, the default File Explorer behavior is applied to the user.
 
@@ -3965,7 +3965,9 @@ To remove network computers from lists of network resources, use the "No Entire
 
 <!-- PlacesBar-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If you enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
+Configures the list of items displayed in the Places Bar in the Windows File/Open dialog.
+
+- If you enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
 
 The valid items you may display in the Places Bar are:
 
@@ -3983,7 +3985,7 @@ The list of Common Shell Folders that may be specified:
 
 Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
 
-If you disable or don't configure this setting the default list of items will be displayed in the Places Bar.
+- If you disable or don't configure this setting the default list of items will be displayed in the Places Bar.
 
 > [!NOTE]
 > In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style.

windows/client-management/mdm/policy-csp-experience.md

@@ -4,7 +4,7 @@ description: Learn more about the Experience Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -528,8 +528,8 @@ This policy setting allows you to control whether screen recording functionality
 
 | Value | Description |
 |:--|:--|
-| 0 | Disabled |
+| 0 | Disabled. |
-| 1 (Default) | Enabled |
+| 1 (Default) | Enabled. |
 <!-- AllowScreenRecorder-AllowedValues-End -->
 
 <!-- AllowScreenRecorder-GpMapping-Begin -->

windows/client-management/mdm/policy-csp-notifications.md

@@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -61,8 +61,8 @@ This policy allows you to prevent Windows from displaying notifications to Micro
 
 | Value | Description |
 |:--|:--|
-| 0 (Default) | Disabled |
+| 0 (Default) | Disabled. |
-| 1 | Enabled |
+| 1 | Enabled. |
 <!-- DisableAccountNotifications-AllowedValues-End -->
 
 <!-- DisableAccountNotifications-GpMapping-Begin -->

windows/client-management/mdm/secureassessment-csp.md

@@ -1,82 +1,171 @@
 ---
 title: SecureAssessment CSP
-description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
+description: Learn more about the SecureAssessment CSP.
-ms.reviewer:
+author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 07/06/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.date: 06/26/2017
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- SecureAssessment-Begin -->
 # SecureAssessment CSP
 
-The table below shows the applicability of Windows:
+<!-- SecureAssessment-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SecureAssessment-Editable-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- SecureAssessment-Tree-Begin -->
-|--- |--- |--- |
+The following list shows the SecureAssessment configuration service provider nodes:
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser.
+- ./Vendor/MSFT/SecureAssessment
+  - [AllowScreenMonitoring](#allowscreenmonitoring)
+  - [AllowTextSuggestions](#allowtextsuggestions)
+  - [Assessments](#assessments)
+  - [LaunchURI](#launchuri)
+  - [RequirePrinting](#requireprinting)
+  - [TesterAccount](#testeraccount)
+<!-- SecureAssessment-Tree-End -->
 
-The following example shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+<!-- Device-AllowScreenMonitoring-Begin -->
+## AllowScreenMonitoring
+
+<!-- Device-AllowScreenMonitoring-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-AllowScreenMonitoring-Applicability-End -->
+
+<!-- Device-AllowScreenMonitoring-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/AllowScreenMonitoring
 ```
-./Vendor/MSFT
+<!-- Device-AllowScreenMonitoring-OmaUri-End -->
-SecureAssessment
+
-----LaunchURI
+<!-- Device-AllowScreenMonitoring-Description-Begin -->
-----TesterAccount
+<!-- Description-Source-DDF -->
-----AllowScreenMonitoring
+Indicates if screen monitoring is allowed by the app.
-----RequirePrinting
+<!-- Device-AllowScreenMonitoring-Description-End -->
-----AllowTextSuggestions
+
-----Assessments
+<!-- Device-AllowScreenMonitoring-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-AllowScreenMonitoring-Editable-End -->
+
+<!-- Device-AllowScreenMonitoring-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 0 |
+<!-- Device-AllowScreenMonitoring-DFProperties-End -->
+
+<!-- Device-AllowScreenMonitoring-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Screen monitoring is allowed. |
+| 0 (Default) | Screen monitoring isn't allowed. |
+<!-- Device-AllowScreenMonitoring-AllowedValues-End -->
+
+<!-- Device-AllowScreenMonitoring-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-AllowScreenMonitoring-Examples-End -->
+
+<!-- Device-AllowScreenMonitoring-End -->
+
+<!-- Device-AllowTextSuggestions-Begin -->
+## AllowTextSuggestions
+
+<!-- Device-AllowTextSuggestions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-AllowTextSuggestions-Applicability-End -->
+
+<!-- Device-AllowTextSuggestions-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/AllowTextSuggestions
 ```
-<a href="" id="--vendor-msft-secureassessment"></a>**./Vendor/MSFT/SecureAssessment**
+<!-- Device-AllowTextSuggestions-OmaUri-End -->
-The root node for the SecureAssessment configuration service provider.
 
-The supported operation is Get.
+<!-- Device-AllowTextSuggestions-Description-Begin -->
+<!-- Description-Source-DDF -->
+Indicates if keyboard text suggestions are allowed by the app.
+<!-- Device-AllowTextSuggestions-Description-End -->
 
-<a href="" id="launchuri"></a>**LaunchURI**
+<!-- Device-AllowTextSuggestions-Editable-Begin -->
-URI link to an assessment that's automatically loaded when the secure assessment browser is launched.
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-AllowTextSuggestions-Editable-End -->
 
-The supported operations are Add, Delete, Get, and Replace.
+<!-- Device-AllowTextSuggestions-DFProperties-Begin -->
+**Description framework properties**:
 
-<a href="" id="testeraccount"></a>**TesterAccount**
+| Property name | Property value |
-The user name of the test taking account.
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 0 |
+<!-- Device-AllowTextSuggestions-DFProperties-End -->
 
-- To specify a domain account, use domain\\user.
+<!-- Device-AllowTextSuggestions-AllowedValues-Begin -->
-- To specify an Azure Active Directory account, use username@tenant.com.
+**Allowed values**:
-- To specify a local account, use the username.
 
-The supported operations are Add, Delete, Get, and Replace.
+| Value | Description |
+|:--|:--|
+| 1 | Keyboard text suggestions are allowed. |
+| 0 (Default) | Keyboard text suggestions aren't allowed. |
+<!-- Device-AllowTextSuggestions-AllowedValues-End -->
 
-<a href="" id="allowscreenmonitoring"></a>**AllowScreenMonitoring**
+<!-- Device-AllowTextSuggestions-Examples-Begin -->
-Added in Windows 10, version 1703. Boolean value that indicates whether screen capture is allowed by the app.
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-AllowTextSuggestions-Examples-End -->
 
-Supported operations are Get and Replace.
+<!-- Device-AllowTextSuggestions-End -->
 
-<a href="" id="requireprinting"></a>**RequirePrinting**
+<!-- Device-Assessments-Begin -->
-Added in Windows 10, version 1703. Boolean value that indicates whether printing is allowed by the app.
+## Assessments
 
-Supported operations are Get and Replace.
+<!-- Device-Assessments-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621.521] and later |
+<!-- Device-Assessments-Applicability-End -->
 
-<a href="" id="AllowTextSuggestions"></a>**AllowTextSuggestions**
+<!-- Device-Assessments-OmaUri-Begin -->
-Added in Windows 10, version 1703. Boolean value that indicates whether keyboard text suggestions are allowed by the app.
+```Device
+./Vendor/MSFT/SecureAssessment/Assessments
+```
+<!-- Device-Assessments-OmaUri-End -->
 
-Supported operations are Get and Replace.
+<!-- Device-Assessments-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enables support for multiple assessments and for assessment grouping. The structure is specified by an XML.
+<!-- Device-Assessments-Description-End -->
 
-<a href="" id="Assessments"></a>**Assessments**
+<!-- Device-Assessments-Editable-Begin -->
-Added in Windows 11, version 22H2. Enables support for multiple assessments. When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments.
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments.
+<!-- Device-Assessments-Editable-End -->
 
-Supported operations are Add, Delete, Get and Replace.
+<!-- Device-Assessments-DFProperties-Begin -->
+**Description framework properties**:
 
-XML schema
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-Assessments-DFProperties-End -->
+
+<!-- Device-Assessments-AllowedValues-Begin -->
+**Allowed values**:
 
 ```xml
 <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
@@ -89,8 +178,8 @@ XML schema
               <xs:element name="Assessment" maxOccurs="unbounded" minOccurs="0">
                 <xs:complexType>
                   <xs:sequence>
-                    <xs:element type="xs:string" name="TestName"/>
+                    <xs:element type="xs:string" name="TestName" />
-                    <xs:element type="xs:string" name="TestUri"/>
+                    <xs:element type="xs:string" name="TestUri" />
                   </xs:sequence>
                 </xs:complexType>
               </xs:element>
@@ -102,8 +191,12 @@ XML schema
   </xs:element>
 </xs:schema>
 ```
+<!-- Device-Assessments-AllowedValues-End -->
+
+<!-- Device-Assessments-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+**Example**:
 
-Example:
 ```xml
 <?xml version="1.0" encoding="utf-16"?>
 <AssessmentsRoot xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -124,12 +217,144 @@ Example:
     </Assessments>
 </AssessmentsRoot>
 ```
+<!-- Device-Assessments-Examples-End -->
 
-## Related topics
+<!-- Device-Assessments-End -->
 
-[Set up Take a Test](/education/windows/take-a-test-multiple-pcs)
+<!-- Device-LaunchURI-Begin -->
+## LaunchURI
 
-[Configuration service provider reference](index.yml)
+<!-- Device-LaunchURI-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-LaunchURI-Applicability-End -->
 
+<!-- Device-LaunchURI-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/LaunchURI
+```
+<!-- Device-LaunchURI-OmaUri-End -->
 
+<!-- Device-LaunchURI-Description-Begin -->
+<!-- Description-Source-DDF -->
+Link to an assessment that's automatically loaded when the Secure Assessment Browser is launched.
+<!-- Device-LaunchURI-Description-End -->
 
+<!-- Device-LaunchURI-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-LaunchURI-Editable-End -->
+
+<!-- Device-LaunchURI-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Regular Expression: `System.Xml.XmlElement` |
+<!-- Device-LaunchURI-DFProperties-End -->
+
+<!-- Device-LaunchURI-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-LaunchURI-Examples-End -->
+
+<!-- Device-LaunchURI-End -->
+
+<!-- Device-RequirePrinting-Begin -->
+## RequirePrinting
+
+<!-- Device-RequirePrinting-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-RequirePrinting-Applicability-End -->
+
+<!-- Device-RequirePrinting-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/RequirePrinting
+```
+<!-- Device-RequirePrinting-OmaUri-End -->
+
+<!-- Device-RequirePrinting-Description-Begin -->
+<!-- Description-Source-DDF -->
+Indicates if printing is required by the app.
+<!-- Device-RequirePrinting-Description-End -->
+
+<!-- Device-RequirePrinting-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-RequirePrinting-Editable-End -->
+
+<!-- Device-RequirePrinting-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 1 |
+<!-- Device-RequirePrinting-DFProperties-End -->
+
+<!-- Device-RequirePrinting-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 (Default) | Printing is allowed. |
+| 0 | Printing isn't allowed. |
+<!-- Device-RequirePrinting-AllowedValues-End -->
+
+<!-- Device-RequirePrinting-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-RequirePrinting-Examples-End -->
+
+<!-- Device-RequirePrinting-End -->
+
+<!-- Device-TesterAccount-Begin -->
+## TesterAccount
+
+<!-- Device-TesterAccount-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-TesterAccount-Applicability-End -->
+
+<!-- Device-TesterAccount-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/TesterAccount
+```
+<!-- Device-TesterAccount-OmaUri-End -->
+
+<!-- Device-TesterAccount-Description-Begin -->
+<!-- Description-Source-DDF -->
+The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.
+<!-- Device-TesterAccount-Description-End -->
+
+<!-- Device-TesterAccount-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-TesterAccount-Editable-End -->
+
+<!-- Device-TesterAccount-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-TesterAccount-DFProperties-End -->
+
+<!-- Device-TesterAccount-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-TesterAccount-Examples-End -->
+
+<!-- Device-TesterAccount-End -->
+
+<!-- SecureAssessment-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- SecureAssessment-CspMoreInfo-End -->
+
+<!-- SecureAssessment-End -->
+
+## Related articles
+
+[Configuration service provider reference](configuration-service-provider-reference.md)

windows/client-management/mdm/secureassessment-ddf-file.md

@@ -1,31 +1,29 @@
 ---
 title: SecureAssessment DDF file
-description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
+description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
-ms.reviewer:
+author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 07/06/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.date: 12/05/2017
 ---
 
+<!-- Auto-Generated CSP Document -->
+
 # SecureAssessment DDF file
 
-This topic shows the OMA DM device description framework (DDF) for the **SecureAssessment** configuration service provider. DDF files are used only with OMA DM provisioning XML.
+The following XML file contains the device description framework (DDF) for the SecureAssessment configuration service provider.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
-
-The XML below is the current version for this CSP.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
-  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
   <VerDTD>1.2</VerDTD>
+  <MSFT:Diagnostics>
+  </MSFT:Diagnostics>
   <Node>
     <NodeName>SecureAssessment</NodeName>
     <Path>./Vendor/MSFT</Path>
@@ -44,8 +42,13 @@ The XML below is the current version for this CSP.
         <Permanent />
       </Scope>
       <DFType>
-            <MIME>com.microsoft/1.1/MDM/SecureAssessment</MIME>
+        <MIME />
       </DFType>
+      <MSFT:Applicability>
+        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
+        <MSFT:CspVersion>1.0</MSFT:CspVersion>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+      </MSFT:Applicability>
     </DFProperties>
     <Node>
       <NodeName>LaunchURI</NodeName>
@@ -66,24 +69,27 @@ The XML below is the current version for this CSP.
         <Scope>
           <Dynamic />
         </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
         <CaseSense>
           <CIS />
         </CaseSense>
-            <DFType>
+        <MSFT:AllowedValues ValueType="RegEx">
-              <MIME>text/plain</MIME>
+          <MSFT:Value><![CDATA[/^https?:\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/]]></MSFT:Value>
-            </DFType>
+        </MSFT:AllowedValues>
       </DFProperties>
     </Node>
     <Node>
       <NodeName>TesterAccount</NodeName>
       <DFProperties>
         <AccessType>
-              <Get />
           <Add />
           <Delete />
+          <Get />
           <Replace />
         </AccessType>
-            <Description>The user name of the test taking account.  To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username.</Description>
+        <Description>The user name of the test taking account.  To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.</Description>
         <DFFormat>
           <chr />
         </DFFormat>
@@ -93,12 +99,14 @@ The XML below is the current version for this CSP.
         <Scope>
           <Dynamic />
         </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
         <CaseSense>
           <CIS />
         </CaseSense>
-            <DFType>
+        <MSFT:AllowedValues ValueType="None">
-              <MIME>text/plain</MIME>
+        </MSFT:AllowedValues>
-            </DFType>
       </DFProperties>
     </Node>
     <Node>
@@ -108,10 +116,10 @@ The XML below is the current version for this CSP.
           <Get />
           <Replace />
         </AccessType>
-            <DefaultValue>false</DefaultValue>
+        <DefaultValue>0</DefaultValue>
         <Description>Indicates if screen monitoring is allowed by the app.</Description>
         <DFFormat>
-              <bool />
+          <int />
         </DFFormat>
         <Occurrence>
           <One />
@@ -119,12 +127,22 @@ The XML below is the current version for this CSP.
         <Scope>
           <Permanent />
         </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
         <CaseSense>
           <CIS />
         </CaseSense>
-            <DFType>
+        <MSFT:AllowedValues ValueType="ENUM">
-              <MIME>text/plain</MIME>
+          <MSFT:Enum>
-            </DFType>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Screen monitoring is allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Screen monitoring is not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
       </DFProperties>
     </Node>
     <Node>
@@ -134,10 +152,10 @@ The XML below is the current version for this CSP.
           <Get />
           <Replace />
         </AccessType>
-            <DefaultValue>false</DefaultValue>
+        <DefaultValue>1</DefaultValue>
         <Description>Indicates if printing is required by the app.</Description>
         <DFFormat>
-              <bool />
+          <int />
         </DFFormat>
         <Occurrence>
           <One />
@@ -145,12 +163,22 @@ The XML below is the current version for this CSP.
         <Scope>
           <Permanent />
         </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
         <CaseSense>
           <CIS />
         </CaseSense>
-            <DFType>
+        <MSFT:AllowedValues ValueType="ENUM">
-              <MIME>text/plain</MIME>
+          <MSFT:Enum>
-            </DFType>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Printing is allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Printing is not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
       </DFProperties>
     </Node>
     <Node>
@@ -160,10 +188,10 @@ The XML below is the current version for this CSP.
           <Get />
           <Replace />
         </AccessType>
-            <DefaultValue>false</DefaultValue>
+        <DefaultValue>0</DefaultValue>
         <Description>Indicates if keyboard text suggestions are allowed by the app.</Description>
         <DFFormat>
-              <bool />
+          <int />
         </DFFormat>
         <Occurrence>
           <One />
@@ -171,18 +199,80 @@ The XML below is the current version for this CSP.
         <Scope>
           <Permanent />
         </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
         <CaseSense>
           <CIS />
         </CaseSense>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Keyboard text suggestions are allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Keyboard text suggestions are not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>Assessments</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <Description>Enables support for multiple assessments and for assessment grouping. The structure is specified by an XML.</Description>
+        <DFFormat>
+          <chr />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
         <DFType>
-              <MIME>text/plain</MIME>
+          <MIME />
         </DFType>
+        <MSFT:Applicability>
+          <MSFT:OsBuildVersion>10.0.22621.521</MSFT:OsBuildVersion>
+        </MSFT:Applicability>
+        <MSFT:AllowedValues ValueType="XSD">
+          <MSFT:Value><![CDATA[
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:element name="AssessmentsRoot">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="Assessments">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="Assessment" maxOccurs="unbounded" minOccurs="0">
+                <xs:complexType>
+                  <xs:sequence>
+                    <xs:element type="xs:string" name="TestName"/>
+                    <xs:element type="xs:string" name="TestUri"/>
+                  </xs:sequence>
+                </xs:complexType>
+              </xs:element>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>]]></MSFT:Value>
+        </MSFT:AllowedValues>
       </DFProperties>
     </Node>
   </Node>
 </MgmtTree>
 ```
 
-## Related topics
+## Related articles
 
-[SecureAssessment CSP](secureassessment-csp.md)
+[SecureAssessment configuration service provider reference](secureassessment-csp.md)

windows/client-management/mdm/surfacehub-csp.md

@@ -1879,7 +1879,7 @@ The name of the domain admin group to add to the administrators group on the dev
 
 <!-- Device-Management-GroupSid-Description-Begin -->
 <!-- Description-Source-DDF -->
-The side of the domain admin group to add to the administrators group on the device.
+The SID of the domain admin group to add to the administrators group on the device.
 <!-- Device-Management-GroupSid-Description-End -->
 
 <!-- Device-Management-GroupSid-Editable-Begin -->

windows/client-management/mdm/vpnv2-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1090,7 +1090,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
+Comma Separated list of EKU's for the VPN Client to look for the correct certificate for Kerberos Authentication.
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Description-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Editable-Begin -->
@@ -1222,7 +1222,7 @@ First, it automatically becomes an always on profile.
 
 Second, it doesn't require the presence or logging in of any user to the machine in order for it to connect.
 
-Third, no other Device Tunnel profile may be present on the same machine.
+Third, no other Device Tunnel profile maybe be present on the same machine.
 
 A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
 <!-- Device-{ProfileName}-DeviceTunnel-Description-End -->
@@ -1587,7 +1587,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma Separated list of IP addresses for the DNS Servers to use for the domain name.
+Comma Seperated list of IP addresses for the DNS Servers to use for the domain name.
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Editable-Begin -->
@@ -1792,7 +1792,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 
 <!-- Device-{ProfileName}-EdpModeId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 <!-- Device-{ProfileName}-EdpModeId-Description-End -->
 
 <!-- Device-{ProfileName}-EdpModeId-Editable-Begin -->
@@ -3119,7 +3119,7 @@ Type of routing policy.
 
 <!-- Device-{ProfileName}-NativeProfile-Servers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
+Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
 <!-- Device-{ProfileName}-NativeProfile-Servers-Description-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Servers-Editable-Begin -->
@@ -5387,7 +5387,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.
+Comma Separated list of EKU's for the VPN Client to look for the correct certificate for Kerberos Authentication.
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Description-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Editable-Begin -->
@@ -5827,7 +5827,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Comma Separated list of IP addresses for the DNS Servers to use for the domain name.
+Comma Seperated list of IP addresses for the DNS Servers to use for the domain name.
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Description-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Editable-Begin -->
@@ -6032,7 +6032,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 
 <!-- User-{ProfileName}-EdpModeId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 <!-- User-{ProfileName}-EdpModeId-Description-End -->
 
 <!-- User-{ProfileName}-EdpModeId-Editable-Begin -->
@@ -7359,7 +7359,7 @@ Type of routing policy.
 
 <!-- User-{ProfileName}-NativeProfile-Servers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
+Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
 <!-- User-{ProfileName}-NativeProfile-Servers-Description-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Servers-Editable-Begin -->

windows/client-management/mdm/wifi-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the WiFi CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -126,7 +126,6 @@ SSID is the name of network you're connecting to, while Profile name is the name
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
-| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 <!-- Device-Profile-{SSID}-DFProperties-End -->
 
@@ -485,7 +484,6 @@ SSID is the name of network you're connecting to, while Profile name is the name
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
-| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 <!-- User-Profile-{SSID}-DFProperties-End -->
 

windows/client-management/mdm/wifi-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -96,7 +96,6 @@ The following XML file contains the device description framework (DDF) for the W
           <MSFT:DynamicNodeNaming>
             <MSFT:ServerGeneratedUniqueIdentifier />
           </MSFT:DynamicNodeNaming>
-          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>WlanXml</NodeName>
@@ -380,7 +379,6 @@ The following XML file contains the device description framework (DDF) for the W
           <MSFT:DynamicNodeNaming>
             <MSFT:ServerGeneratedUniqueIdentifier />
           </MSFT:DynamicNodeNaming>
-          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>WlanXml</NodeName>

windows/security/identity-protection/hello-for-business/hello-identity-verification.md

@@ -1,10 +1,9 @@
 ---
-ms.date: 12/13/2022
+ms.date: 07/05/2023
 title: Windows Hello for Business Deployment Prerequisite Overview
 description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
 ms.topic: article
 ms.collection:
-- highpri
 - tier1
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
@@ -29,16 +28,16 @@ This article lists the infrastructure requirements for the different deployment
 
 The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
 
-| Requirement | cloud Kerberos trust<br/>Group Policy or Modern managed | Key trust<br/>Group Policy or Modern managed | Certificate Trust<br/>Mixed managed | Certificate Trust<br/>Modern managed | 
+| Requirement | Cloud Kerberos trust<br/>Group Policy or Modern managed | Key trust<br/>Group Policy or Modern managed | Certificate Trust<br/>Mixed managed | Certificate Trust<br/>Modern managed | 
 | --- | --- | --- | --- | --- |
 | **Windows Version** | Any supported Windows client versions| Any supported Windows client versions | Any supported Windows client versions |
 | **Schema Version** | No specific Schema requirement | Windows Server 2016 or later schema | Windows Server 2016 or later schema | Windows Server 2016 or later schema |
 | **Domain and Forest Functional Level** | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
 | **Domain Controller Version** | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions  |
-| **Certificate Authority**| N/A |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
+| **Certificate Authority**| Not required |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
-| **AD FS Version** | N/A | N/A | Any supported Windows Server versions | Any supported Windows Server versions |
+| **AD FS Version** | Not required | Not required | Any supported Windows Server versions | Any supported Windows Server versions |
 | **MFA Requirement** | Azure MFA, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter |
-| **Azure AD Connect** | N/A | Required | Required | Required |
+| **Azure AD Connect** | Not required | Required | Required | Required |
 | **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
 
 ## On-premises Deployments

windows/security/introduction/index.md

@@ -4,7 +4,8 @@ description: System security book.
 ms.date: 04/24/2023
 ms.topic: tutorial
 ms.author: paoloma
-ms.custom: ai-gen-docs
+content_well_notification: 
+  - AI-contribution
 author: paolomatarazzo
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -53,5 +54,3 @@ Microsoft offers comprehensive cloud services for identity, storage, and access
 ## Next steps
 
 To learn more about the security features included in Windows 11, download the [Windows 11 Security Book: Powerful security from chip to cloud](https://aka.ms/Windows11SecurityBook).
-
-[!INCLUDE [ai-disclaimer-generic](../../../includes/ai-disclaimer-generic.md)]

windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md

@@ -20,11 +20,13 @@ ms.technology: itpro-security
 # Accounts: Block Microsoft accounts
 
 **Applies to**
--   Windows 11
+-   Windows 10, version 1607 and earlier
--   Windows 10
 
 Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting.
 
+> [!IMPORTANT]
+> In Windows 10, version 1703 and later, this policy is no longer effective because the process for adding Microsoft Accounts changed. For Windows 10, version 1703 and later, instead of using this policy use the "Block all consumer Microsoft user account authentication" policy located under Computer Configuration\Administrative Templates\Windows Components\Microsoft account.
+
 ## Reference
 
 This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services. For more information, see [Microsoft Accounts](/windows-server/identity/ad-ds/manage/understand-microsoft-accounts).