Merge branch 'release-win11-22h2' of https://github.com/MicrosoftDocs/windows-docs-pr into wn-win1122h2

Meghan Stewart 2022-09-20 08:25:11 -07:00
commit f6834e5d5c
50 changed files with 1055 additions and 306 deletions

View File

@ -19644,6 +19644,11 @@
"source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md", "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
"redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview", "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
"redirect_document_id": false "redirect_document_id": false
},
{
"source_path": "windows/configuration/windows-10-accessibility-for-ITPros.md",
"redirect_url": "/windows/configuration/windows-accessibility-for-ITPros",
"redirect_document_id": false
} }
] ]
} }

View File

@ -2,7 +2,7 @@
Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs. Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
This page covers the basic steps for editing our technical documentation. This page covers the basic steps for editing our technical documentation.
For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://docs.microsoft.com/contribute/). For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://learn.microsoft.com/contribute/).
## Sign a CLA ## Sign a CLA
@ -19,10 +19,10 @@ We've tried to make editing an existing, public file as simple as possible.
### To edit a topic ### To edit a topic
1. Browse to the [Microsoft Docs](https://docs.microsoft.com/) article that you want to update. 1. Browse to the [Microsoft Docs](https://learn.microsoft.com/) article that you want to update.
> **Note**<br> > **Note**<br>
> If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.docs.microsoft.com/help/get-started/edit-article-in-github?branch=main). > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.learn.microsoft.com/help/get-started/edit-article-in-github?branch=main).
1. Then select the **Pencil** icon. 1. Then select the **Pencil** icon.
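Review bot: the Note under step 1 still says to "append `review.` to the beginning of the URL" on the line this hunk rewrites; text added at the start is prepended, so change it to "prepend" or "add `review.` to the beginning of the URL" while the line is being touched. The step 1 link text also still reads "Microsoft Docs" although its target is now `https://learn.microsoft.com/`, so decide whether the label should follow the host.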
@ -37,7 +37,7 @@ We've tried to make editing an existing, public file as simple as possible.
![GitHub Web, showing the Pencil icon.](images/pencil-icon.png) ![GitHub Web, showing the Pencil icon.](images/pencil-icon.png)
1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation. 1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Docs Markdown reference](https://learn.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
1. Make your suggested change, and then select **Preview changes** to make sure it looks correct. 1. Make your suggested change, and then select **Preview changes** to make sure it looks correct.
@ -57,16 +57,16 @@ We've tried to make editing an existing, public file as simple as possible.
The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics: The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics:
- [Windows client documentation for IT Pros](https://docs.microsoft.com/windows/resources/) - [Windows client documentation for IT Pros](https://learn.microsoft.com/windows/resources/)
- [Microsoft Store](https://docs.microsoft.com/microsoft-store) - [Microsoft Store](https://learn.microsoft.com/microsoft-store)
- [Windows 10 for Education](https://docs.microsoft.com/education/windows) - [Windows 10 for Education](https://learn.microsoft.com/education/windows)
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb) - [Windows 10 for SMB](https://learn.microsoft.com/windows/smb)
- [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/) - [Internet Explorer 11](https://learn.microsoft.com/internet-explorer/)
## Making more substantial changes ## Making more substantial changes
To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content. To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
For info about creating a fork or clone, see [Set up a local Git repository](https://docs.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful. For info about creating a fork or clone, see [Set up a local Git repository](https://learn.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo. Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo.
@ -82,4 +82,4 @@ In the new issue form, enter a brief title. In the body of the form, describe th
- You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft. - You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
- You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/). - You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
- Microsoft technical documentation uses several custom Markdown extensions. To learn more, see the [Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference). - Microsoft technical documentation uses several custom Markdown extensions. To learn more, see the [Docs Markdown reference](https://learn.microsoft.com/contribute/markdown-reference).

View File

@ -2,6 +2,16 @@
## Week of September 12, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 9/13/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
| 9/14/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
| 9/14/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
## Week of September 05, 2022 ## Week of September 05, 2022
@ -40,42 +50,3 @@
| Published On |Topic title | Change | | Published On |Topic title | Change |
|------|------------|--------| |------|------------|--------|
| 8/17/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | | 8/17/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
## Week of August 08, 2022
| Published On |Topic title | Change |
|------|------------|--------|
| 8/10/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
| 8/10/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
| 8/10/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
| 8/10/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
| 8/10/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
| 8/10/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 8/10/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 8/10/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
| 8/10/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
| 8/10/2022 | [Enable S mode on Surface Go devices for Education](/education/windows/enable-s-mode-on-surface-go-devices) | modified |
| 8/10/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
| 8/10/2022 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |
| 8/10/2022 | [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](/education/windows/s-mode-switch-to-edu) | modified |
| 8/10/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
| 8/10/2022 | [Azure AD Join with Set up School PCs app](/education/windows/set-up-school-pcs-azure-ad-join) | modified |
| 8/10/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
| 8/10/2022 | [Shared PC mode for school devices](/education/windows/set-up-school-pcs-shared-pc-mode) | modified |
| 8/10/2022 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
| 8/10/2022 | [What's new in the Windows Set up School PCs app](/education/windows/set-up-school-pcs-whats-new) | modified |
| 8/10/2022 | [Set up student PCs to join domain](/education/windows/set-up-students-pcs-to-join-domain) | modified |
| 8/10/2022 | [Provision student PCs with apps](/education/windows/set-up-students-pcs-with-apps) | modified |
| 8/10/2022 | [Set up Windows devices for education](/education/windows/set-up-windows-10) | modified |
| 8/10/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
| 8/10/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
| 8/10/2022 | [Set up Take a Test on a single PC](/education/windows/take-a-test-single-pc) | modified |
| 8/10/2022 | [Take tests in Windows 10](/education/windows/take-tests-in-windows-10) | modified |
| 8/10/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
| 8/10/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
| 8/10/2022 | [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) | modified |
| 8/10/2022 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
| 8/10/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
| 8/10/2022 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |

View File

@ -73,7 +73,7 @@ productDirectory:
text: IT admin help text: IT admin help
- url: https://support.office.com/education - url: https://support.office.com/education
text: Education help center text: Education help center
- url: /learn/educator-center/ - url: /training/educator-center/
text: Teacher training packs text: Teacher training packs
# Card # Card
- title: Check out our education journey - title: Check out our education journey

View File

@ -12,7 +12,7 @@ ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: education ms.collection: education
appliesto: appliesto:
- ✅ <b>Windows 11 SE 22H2</b> - ✅ <b>Windows 11 SE, version 22H2</b>
--- ---
# Configure Stickers for Windows 11 SE # Configure Stickers for Windows 11 SE

View File

@ -12,8 +12,8 @@ ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: education ms.collection: education
appliesto: appliesto:
- ✅ <b>Windows 11 22H2</b> - ✅ <b>Windows 11, version 22H2</b>
- ✅ <b>Windows 11 SE 22H2</b> - ✅ <b>Windows 11 SE, version 22H2</b>
--- ---
# Configure education themes for Windows 11 # Configure education themes for Windows 11

View File

@ -87,7 +87,6 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| Application | Supported version | App Type | Vendor | | Application | Supported version | App Type | Vendor |
|-----------------------------------------|-------------------|----------|------------------------------| |-----------------------------------------|-------------------|----------|------------------------------|
| AirSecure | 8.0.0 | Win32 | AIR | | AirSecure | 8.0.0 | Win32 | AIR |
| Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies |
| Brave Browser | 1.34.80 | Win32 | Brave | | Brave Browser | 1.34.80 | Win32 | Brave |
| Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb | | Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb |
| Cisco Umbrella | 3.0.110.0 | Win32 | Cisco | | Cisco Umbrella | 3.0.110.0 | Win32 | Cisco |
@ -119,7 +118,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| Mozilla Firefox | 99.0.1 | Win32 | Mozilla | | Mozilla Firefox | 99.0.1 | Win32 | Mozilla |
| NAPLAN | 2.5.0 | Win32 | NAP | | NAPLAN | 2.5.0 | Win32 | NAP |
| Netref Student | 22.2.0 | Win32 | NetRef | | Netref Student | 22.2.0 | Win32 | NetRef |
| NetSupport Manager | 12.01.0011 | Win32 | NetSupport | | NetSupport Manager | 12.01.0014 | Win32 | NetSupport |
| NetSupport Notify | 5.10.1.215 | Win32 | NetSupport | | NetSupport Notify | 5.10.1.215 | Win32 | NetSupport |
| NetSupport School | 14.00.0011 | Win32 | NetSupport | | NetSupport School | 14.00.0011 | Win32 | NetSupport |
| NextUp Talker | 1.0.49 | Win32 | NextUp Technologies | | NextUp Talker | 1.0.49 | Win32 | NextUp Technologies |

View File

@ -41,7 +41,7 @@ We've been working on bug fixes and performance improvements to provide you a be
| ![Private store performance icon.](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education | | ![Private store performance icon.](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
| <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education | | <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
| ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](./acquire-apps-microsoft-store-for-business.md#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education | | ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](./acquire-apps-microsoft-store-for-business.md#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|| ![Image showing Add a Collection.](images/msfb-add-collection.png) |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.docs.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education | || ![Image showing Add a Collection.](images/msfb-add-collection.png) |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.learn.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
--> -->
## Previous releases and updates ## Previous releases and updates
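Review bot: the "Private store collections" row still links to `review.learn.microsoft.com` with `?branch=msfb-14856406`, which is the review host for the private repository plus a feature branch, and this is a public article. The row sits inside the block closed by `-->`, so either delete it or switch it to a relative link like the rows above it (`./manage-private-store-settings.md#...`) instead of only swapping the domain. The same row begins with `||` and reads "You can groups of apps", both of which need fixing if the block is ever uncommented.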

View File

@ -28,7 +28,7 @@ When you create a new markdown file article, **Save as** this template to a new
## Metadata ## Metadata
The full metadata block is above the markdown between the `---` lines. For more information, see [Metadata attributes](https://review.docs.microsoft.com/en-us/help/contribute/metadata-attributes?branch=main) in the contributor guide. Some key notes: The full metadata block is above the markdown between the `---` lines. For more information, see [Metadata attributes](https://review.learn.microsoft.com/help/contribute/metadata-attributes?branch=main) in the contributor guide. Some key notes:
- You _must_ have a space between the colon (`:`) and the value for a metadata element. - You _must_ have a space between the colon (`:`) and the value for a metadata element.
@ -65,7 +65,7 @@ The full metadata block is above the markdown between the `---` lines. For more
All basic and Github-flavored markdown (GFM) is supported. For more information, see the following articles: All basic and Github-flavored markdown (GFM) is supported. For more information, see the following articles:
- [Docs Markdown reference in the Contributor Guide](https://review.docs.microsoft.com/help/contribute/markdown-reference?branch=main) - [Docs Markdown reference in the Contributor Guide](https://review.learn.microsoft.com/help/contribute/markdown-reference?branch=main)
- [Baseline markdown syntax](https://daringfireball.net/projects/markdown/syntax) - [Baseline markdown syntax](https://daringfireball.net/projects/markdown/syntax)
- [Github-flavored markdown (GFM) documentation](https://docs.github.com/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) - [Github-flavored markdown (GFM) documentation](https://docs.github.com/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)
@ -79,7 +79,7 @@ Second-level headings (`##`, also known as H2) generate the on-page TOC that app
Limit the length of second-level headings to avoid excessive line wraps. Limit the length of second-level headings to avoid excessive line wraps.
Make sure _all_ headings of any level have a unique name for the article. The build creates an anchor for all headings on the page using kebab formatting. For example, from the [Docs Markdown reference](https://review.docs.microsoft.com/help/contribute/markdown-reference?branch=main) article, the heading **Alerts (Note, Tip, Important, Caution, Warning)** becomes the anchor `#alerts-note-tip-important-caution-warning`. If there are duplicate headings, then the anchors don't behave properly. This behavior also applies when using include files, make sure the headings are unique across the main markdown file, and all include markdown files. Make sure _all_ headings of any level have a unique name for the article. The build creates an anchor for all headings on the page using kebab formatting. For example, from the [Docs Markdown reference](https://review.learn.microsoft.com/help/contribute/markdown-reference?branch=main) article, the heading **Alerts (Note, Tip, Important, Caution, Warning)** becomes the anchor `#alerts-note-tip-important-caution-warning`. If there are duplicate headings, then the anchors don't behave properly. This behavior also applies when using include files, make sure the headings are unique across the main markdown file, and all include markdown files.
Don't skip levels. For example, don't have an H3 (`###`) without a parent H2 (`##`). Don't skip levels. For example, don't have an H3 (`###`) without a parent H2 (`##`).
@ -111,7 +111,7 @@ _Italics_ (a single asterisk (`*`) also works, but the underscore (`_`) helps di
> >
> It supports headings in the current and other files too! (Just not the custom `bkmk` anchors that are sometimes used in this content.) > It supports headings in the current and other files too! (Just not the custom `bkmk` anchors that are sometimes used in this content.)
For more information, see [Add links to articles](https://review.docs.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide. For more information, see [Add links to articles](https://review.learn.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
### Article in the same repo ### Article in the same repo
@ -149,7 +149,7 @@ There's a broken link report that runs once a week in the build system, get the
Don't use URL shorteners like `go.microsoft.com/fwlink` or `aka.ms`. Include the full URL to the target. Don't use URL shorteners like `go.microsoft.com/fwlink` or `aka.ms`. Include the full URL to the target.
For more information, see [Add links to articles](https://review.docs.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide. For more information, see [Add links to articles](https://review.learn.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
## Lists ## Lists
@ -289,4 +289,4 @@ Always include alt text for accessibility, and always end it with a period.
## docs.ms extensions ## docs.ms extensions
> [!div class="nextstepaction"] > [!div class="nextstepaction"]
> [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/mem/configmgr) > [Microsoft Endpoint Configuration Manager documentation](https://learn.microsoft.com/mem/configmgr)

View File

@ -44,6 +44,3 @@ You can use the same management tools to manage all device types running Windows
[Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery) [Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery)
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768) [Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)
 

View File

@ -565,7 +565,7 @@ The data type is string.
Default string is as follows: Default string is as follows:
`https://docs.microsoft.com/windows/'desktop/WES/eventmanifestschema-channeltype-complextype` `https://learn.microsoft.com/windows/'desktop/WES/eventmanifestschema-channeltype-complextype`
Add **SDDL** Add **SDDL**
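Review bot: the replacement URL keeps the stray apostrophe in `/windows/'desktop/WES/...`, so only the host changed and the path is still malformed. The DDF description changed elsewhere in this commit uses `/windows/desktop/WES/eventmanifestschema-channeltype-complextype` without it; drop the `'` here so the two agree.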

View File

@ -2028,7 +2028,7 @@ The content below are the latest versions of the DDF files:
<Delete /> <Delete />
<Replace /> <Replace />
</AccessType> </AccessType>
<Description>SDDL String controlling access to the channel. Default: https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype</Description> <Description>SDDL String controlling access to the channel. Default: https://learn.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype</Description>
<DFFormat> <DFFormat>
<chr /> <chr />
</DFFormat> </DFFormat>
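Review bot: the `<Description>` gives a documentation URL as the `Default:` of an SDDL string, which does not tell an administrator what access the channel grants when the node is left unset. If the URL is meant as a pointer to the schema, word it as a reference ("see ...") rather than as the default value. Since the surrounding text says this is the latest version of the DDF file, also confirm that the edited description still matches the DDF as shipped.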
@ -2178,9 +2178,3 @@ The content below are the latest versions of the DDF files:
   
   

View File

@ -219,7 +219,7 @@ Requirements:
4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`. 4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`.
5. Copy the PolicyDefinitions folder to `\\SYSVOL\contoso.com\policies\PolicyDefinitions`. 5. Copy the PolicyDefinitions folder to `\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions`.
If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain. If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.

View File

@ -92,7 +92,7 @@ The XML below is the current version for this CSP.
<AccessType> <AccessType>
<Get /> <Get />
</AccessType> </AccessType>
<Description>Provides the current status of the device health request. For the complete list of status see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes</Description> <Description>Provides the current status of the device health request. For the complete list of status see https://learn.microsoft.com/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -456,9 +456,3 @@ The XML below is the current version for this CSP.
   
   

View File

@ -32,6 +32,18 @@ manager: aaroncz
<dd> <dd>
<a href="#kerberos-pkinithashalgorithmconfiguration">Kerberos/PKInitHashAlgorithmConfiguration</a> <a href="#kerberos-pkinithashalgorithmconfiguration">Kerberos/PKInitHashAlgorithmConfiguration</a>
</dd> </dd>
<dd>
<a href="#kerberos-pkinithashalgorithmsha1">Kerberos/PKInitHashAlgorithmSHA1</a>
</dd>
<dd>
<a href="#kerberos-pkinithashalgorithmsha256">Kerberos/PKInitHashAlgorithmSHA256</a>
</dd>
<dd>
<a href="#kerberos-pkinithashalgorithmsha384">Kerberos/PKInitHashAlgorithmSHA384</a>
</dd>
<dd>
<a href="#kerberos-pkinithashalgorithmsha512">Kerberos/PKInitHashAlgorithmSHA512</a>
</dd>
<dd> <dd>
<a href="#kerberos-requirekerberosarmoring">Kerberos/RequireKerberosArmoring</a> <a href="#kerberos-requirekerberosarmoring">Kerberos/RequireKerberosArmoring</a>
</dd> </dd>
@ -231,22 +243,20 @@ ADMX Info:
This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication. This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.
If you enable this policy, you'll be able to configure one of four states for each algorithm: If you enable this policy, you'll be able to configure one of four states for each hash algorithm (SHA1, SHA256, SHA384, and SHA512) using their respective policies.
* **Default**: This state sets the algorithm to the recommended state.
* **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
* **Audited**: This state enables usage of the algorithm and reports an event (ID 205) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
* **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
If you disable or don't configure this policy, each algorithm will assume the **Default** state. If you disable or don't configure this policy, each algorithm will assume the **Default** state.
* 0 - **Disabled**
* 1 - **Enabled**
More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found https://go.microsoft.com/fwlink/?linkid=2169037. More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found https://go.microsoft.com/fwlink/?linkid=2169037.
<!--/Description--> <!--/Description-->
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP Friendly name: *Introducing agility to PKINIT in Kerberos protocol* - GP Friendly name: *Configure Hash algorithms for certificate logon*
- GP name: *PKInitHashAlgorithmConfiguration* - GP name: *PKInitHashAlgorithmConfiguration*
- GP path: *System/Kerberos* - GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx* - GP ADMX file name: *Kerberos.admx*
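Review bot: the Audited-state bullet removed here cited event ID 205, while the per-algorithm policies added further down in this file cite event ID 206 for the same state; confirm which ID the Kerberos client actually logs, because administrators will filter on it to decide when an algorithm can be disabled. The new `* 0 - **Disabled**` / `* 1 - **Enabled**` list also has no lead-in and follows the "If you disable or don't configure this policy" sentence, so introduce it as the supported values for this setting. The closing sentence still ends in a bare `go.microsoft.com/fwlink` URL after "can be found"; make it a proper link.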
@ -256,6 +266,209 @@ ADMX Info:
<hr/> <hr/>
<!--Policy-->
<a href="" id="kerberos-pkinithashalgorithmsha1"></a>**Kerberos/PKInitHashAlgorithmSHA1**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls the configuration of the SHA1 algorithm used by the Kerberos client when performing certificate authentication. This policy is only enforced if Kerberos/PKInitHashAlgorithmConfiguration is enabled. You can configure one of four states for this algorithm:
* 0 - **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
* 1 - **Default**: This state sets the algorithm to the recommended state.
* 2 - **Audited**: This state enables usage of the algorithm and reports an event (ID 206) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
* 3 - **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
If you don't configure this policy, the SHA1 algorithm will assume the **Default** state.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Configure Hash algorithms for certificate logon*
- GP name: *PKInitHashAlgorithmConfiguration*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="kerberos-pkinithashalgorithmsha256"></a>**Kerberos/PKInitHashAlgorithmSHA256**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls the configuration of the SHA256 algorithm used by the Kerberos client when performing certificate authentication. This policy is only enforced if Kerberos/PKInitHashAlgorithmConfiguration is enabled. You can configure one of four states for this algorithm:
* 0 - **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
* 1 - **Default**: This state sets the algorithm to the recommended state.
* 2 - **Audited**: This state enables usage of the algorithm and reports an event (ID 206) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
* 3 - **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
If you don't configure this policy, the SHA256 algorithm will assume the **Default** state.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Configure Hash algorithms for certificate logon*
- GP name: *PKInitHashAlgorithmConfiguration*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="kerberos-pkinithashalgorithmsha384"></a>**Kerberos/PKInitHashAlgorithmSHA384**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls the configuration of the SHA384 algorithm used by the Kerberos client when performing certificate authentication. This policy is only enforced if Kerberos/PKInitHashAlgorithmConfiguration is enabled. You can configure one of four states for this algorithm:
* 0 - **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
* 1 - **Default**: This state sets the algorithm to the recommended state.
* 2 - **Audited**: This state enables usage of the algorithm and reports an event (ID 206) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
* 3 - **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
If you don't configure this policy, the SHA384 algorithm will assume the **Default** state.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Configure Hash algorithms for certificate logon*
- GP name: *PKInitHashAlgorithmConfiguration*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="kerberos-pkinithashalgorithmsha512"></a>**Kerberos/PKInitHashAlgorithmSHA512**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls the configuration of the SHA512 algorithm used by the Kerberos client when performing certificate authentication. This policy is only enforced if Kerberos/PKInitHashAlgorithmConfiguration is enabled. You can configure one of four states for this algorithm:
* 0 - **Not Supported**: This state disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure.
* 1 - **Default**: This state sets the algorithm to the recommended state.
* 2 - **Audited**: This state enables usage of the algorithm and reports an event (ID 206) every time it's used. This state is intended to verify that the algorithm isn't being used and can be safely disabled.
* 3 - **Supported**: This state enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security.
If you don't configure this policy, the SHA512 algorithm will assume the **Default** state.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Configure Hash algorithms for certificate logon*
- GP name: *PKInitHashAlgorithmConfiguration*
- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy--> <!--Policy-->
<a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring** <a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**
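Review bot: The **Audited** state in all four new PKInitHashAlgorithmSHA* descriptions reports event ID 206, while the Audited state under PKInitHashAlgorithmConfiguration in the preceding hunk cites ID 205. Confirm whether both numbers are intended, since an administrator using Audited mode needs to know which event to watch for before moving an algorithm to Not Supported. The four entries also describe **Default** only as "the recommended state" without saying what that is for the algorithm; for SHA1 in particular, link to the defaults reference already used in the parent policy (https://go.microsoft.com/fwlink/?linkid=2169037) so readers can tell whether leaving the policy unconfigured keeps SHA1 enabled.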

View File

@ -1,15 +1,15 @@
--- ---
title: Policy CSP - LocalSecurityAuthority title: Policy CSP - LocalSecurityAuthority
description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). description: Use the LocalSecurityAuthority CSP to configure policies for the Windows Local Security Authority Subsystem Service (LSASS).
ms.author: dansimp ms.author: vinpa
ms.topic: article author: vinaypamnani-msft
ms.prod: w10 ms.reviewer:
ms.technology: windows manager: aaroncz
author: dansimp ms.topic: reference
ms.prod: windows-client
ms.technology: itpro-manage
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 08/26/2022 ms.date: 08/26/2022
ms.reviewer:
manager: dansimp
--- ---
# Policy CSP - LocalSecurity Authority # Policy CSP - LocalSecurity Authority
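Review bot: The H1 on the context line still reads "Policy CSP - LocalSecurity Authority" with a space, which no longer matches `title: Policy CSP - LocalSecurityAuthority` in the front matter being edited here. Fix the heading in the same change. `ms.date` also stays at 08/26/2022 although the description, author and topic metadata are all rewritten; update it if the repo convention is to bump the date on content changes.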
@ -67,7 +67,7 @@ manager: dansimp
<!--Description--> <!--Description-->
This policy setting defines whether the Local Security Authority Subsystem Service (LSASS) will allow loading of custom security support providers (SSPs) and authentication providers (APs). This policy setting defines whether the Local Security Authority Subsystem Service (LSASS) will allow loading of custom security support providers (SSPs) and authentication providers (APs).
If you enable this policy setting or do not configure it, LSASS will allow loading of custom SSPs and APs. If you enable this policy setting or don't configure it, LSASS will allow loading of custom SSPs and APs.
If you disable this policy setting, LSASS will block custom SSPs and APs from loading. If you disable this policy setting, LSASS will block custom SSPs and APs from loading.
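Review bot: The description gives no numeric values for the enabled and disabled states, whereas the protected-process policy in the next hunk annotates its options as (0), (1) and (2). Add the values here in the same style. Because "enable" and "don't configure" both allow custom SSPs and APs to load into LSASS, it is also worth stating plainly that blocking them requires explicitly setting the policy to disabled.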
@ -113,11 +113,11 @@ ADMX Info:
<!--Description--> <!--Description-->
This policy setting configures the Local Security Authority Subsystem Service (LSASS) to run as a protected process. This policy setting configures the Local Security Authority Subsystem Service (LSASS) to run as a protected process.
If you disable (0) or do not configure this policy setting, LSASS will not run as a protected process. If you disable (0) or don't configure this policy setting, LSASS won't run as a protected process.
If you enable this policy with UEFI lock (1), LSASS will run as a protected process and this setting will be stored in a UEFI variable. If you enable this policy with UEFI lock (1), LSASS will run as a protected process and this setting will be stored in a UEFI variable.
If you enable this policy without UEFI lock (2), LSASS will run as a protected process and this setting will not be stored in a UEFI variable. If you enable this policy without UEFI lock (2), LSASS will run as a protected process and this setting won't be stored in a UEFI variable.
<!--/Description--> <!--/Description-->
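Review bot: Options (1) and (2) are distinguished only by whether the setting "will be stored in a UEFI variable", and the text does not say what that means for an administrator who later sets the policy back to 0. Add a sentence on the practical difference between the two, so readers can choose between them knowingly.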

View File

@ -43,7 +43,7 @@
- name: Accessibility settings - name: Accessibility settings
items: items:
- name: Accessibility information for IT Pros - name: Accessibility information for IT Pros
href: windows-10-accessibility-for-ITPros.md href: windows-accessibility-for-ITPros.md
- name: Configure access to Microsoft Store - name: Configure access to Microsoft Store
href: stop-employees-from-using-microsoft-store.md href: stop-employees-from-using-microsoft-store.md
- name: Configure Windows Spotlight on the lock screen - name: Configure Windows Spotlight on the lock screen
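Review bot: The renamed target `windows-accessibility-for-ITPros.md` keeps mixed case, while the neighbouring hrefs in this TOC (`stop-employees-from-using-microsoft-store.md`) are all lowercase. Since the file is being renamed anyway, consider an all-lowercase name so the link does not depend on case-sensitive path matching.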

View File

@ -157,7 +157,7 @@ Use the following steps to add your XML file to a group policy, and apply the po
4. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes. 4. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes.
For more information on using group policies, see [Implement Group Policy Objects](/learn/modules/implement-group-policy-objects/). For more information on using group policies, see [Implement Group Policy Objects](/training/modules/implement-group-policy-objects/).
### Create a Microsoft Endpoint Manager policy to deploy your XML file ### Create a Microsoft Endpoint Manager policy to deploy your XML file

View File

@ -59,7 +59,7 @@ ms.topic: article
<!-- A link file is required for desktop applications to show on start layout, the link file can be placed under <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
"%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
"%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only
see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop see document https://learn.microsoft.com/windows/configuration/start-layout-xml-desktop
--> -->
<!-- for inbox desktop applications, a link file might already exist and can be used directly --> <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
@ -192,7 +192,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
<!-- A link file is required for desktop applications to show on start layout, the link file can be placed under <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
"%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
"%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only
see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop see document https://learn.microsoft.com/windows/configuration/start-layout-xml-desktop
--> -->
<!-- for inbox desktop applications, a link file might already exist and can be used directly --> <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
@ -313,7 +313,7 @@ This sample demonstrates that only a global profile is used, with no active user
<!-- A link file is required for desktop applications to show on start layout, the link file can be placed under <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
"%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
"%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only
see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop see document https://learn.microsoft.com/windows/configuration/start-layout-xml-desktop
--> -->
<!-- for inbox desktop applications, a link file might already exist and can be used directly --> <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />
@ -365,7 +365,7 @@ Below sample shows dedicated profile and global profile mixed usage, a user woul
<!-- A link file is required for desktop applications to show on start layout, the link file can be placed under <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
"%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
"%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only
see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop see document https://learn.microsoft.com/windows/configuration/start-layout-xml-desktop
--> -->
<!-- for inbox desktop applications, a link file might already exist and can be used directly --> <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />

View File

@ -458,7 +458,7 @@ Usage is demonstrated below, by using the new XML namespace and specifying `Glob
<!-- A link file is required for desktop applications to show on start layout, the link file can be placed under <!-- A link file is required for desktop applications to show on start layout, the link file can be placed under
"%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs" if the link file is shared for all users or
"%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only "%AppData%\Microsoft\Windows\Start Menu\Programs" if the link file is for the specific user only
see document https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop see document https://learn.microsoft.com/windows/configuration/start-layout-xml-desktop
--> -->
<!-- for inbox desktop applications, a link file might already exist and can be used directly --> <!-- for inbox desktop applications, a link file might already exist and can be used directly -->
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\paint.lnk" />

View File

@ -179,6 +179,6 @@ Here is a list of CSPs supported on Windows 10 Enterprise:
- [Update CSP](/windows/client-management/mdm/update-csp) - [Update CSP](/windows/client-management/mdm/update-csp)
- [VPN CSP](/windows/client-management/mdm/vpn-csp) - [VPN CSP](/windows/client-management/mdm/vpn-csp)
- [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) - [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
- [Wi-Fi CSP](/documentation/) - [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp)
- [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp) - [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp)
- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp) - [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp)

View File

@ -1,91 +0,0 @@
---
title: Windows 10 accessibility information for IT Pros (Windows 10)
description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
keywords: accessibility, settings, vision, hearing, physical, cognition, assistive
ms.prod: w10
ms.author: lizlong
author: lizgt2000
ms.localizationpriority: medium
ms.date: 01/12/2018
ms.reviewer:
manager: aaroncz
ms.topic: reference
---
# Accessibility information for IT Professionals
Microsoft is dedicated to making its products and services accessible and usable for everyone. Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows.
This topic helps IT administrators learn about built-in accessibility features, and includes a few recommendations for how to support people in your organization who use these features.
## General recommendations
- **Be aware of Ease of Access settings** Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
- **Do not block settings** Avoid using Group Policy or MDM settings that override Ease of Access settings.
- **Encourage choice** Allow people in your organization to customize their computers based on their needs. That customization might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
| Accessibility feature | Description |
|---------------------------|------------|
| [Use Narrator to use devices without a screen](https://support.microsoft.com/help/22798/windows-10-narrator-get-started) | Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices.|
| [Create accessible apps](https://developer.microsoft.com/windows/accessible-apps) | You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.|
| Use keyboard shortcuts for [Windows](https://support.microsoft.com/help/12445/windows-keyboard-shortcuts), [Narrator](https://support.microsoft.com/help/22806), and [Magnifier](https://support.microsoft.com/help/13810) | Get the most out of Windows with shortcuts for apps and desktops.|
| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers various configuration settings.|
| [Cursor and pointer adjustments](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.|
| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Customize the size](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) of screen items | You can adjust the size of text, icons, and other screen items to make them easier to see.|
| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Many high-contrast themes are available to suit your needs.|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read in Braille](https://support.microsoft.com/help/4004263) | Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.|
## Hearing
| Accessibility feature | Description |
|---------------------------|------------|
| [Transcribe with Translator](https://www.skype.com/en/features/skype-translator) | Translator can transcribe voice to text so you wont miss whats being said. |
| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on various platforms and devices, so you dont have to worry about whether your co-workers, friends and family can communicate with you.|
| [Get visual notifications for sounds](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | You can replace audible alerts with visual alerts.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear)|If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read spoken words with closed captioning](https://support.microsoft.com/help/21055/windows-10-closed-caption-settings) | You can customize things like color, size, and background transparency to suit your needs and tastes.|
| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those people with partial hearing loss or deafness in one ear.|
## Physical
| Accessibility feature | Description|
|---------------------------|------------|
| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Live Tiles](https://support.microsoft.com/help/17176/windows-10-organize-your-apps)| Because Live Tiles display constantly updated information for many apps, you don't have to bother actually opening them. You can arrange, resize, and move tiles as needed.|
| [Keyboard assistance features](https://support.microsoft.com/help/27936)| You can personalize your keyboard to ignore repeated keys and do other helpful things if you have limited control of your hands.|
| [Mouse Keys](https://support.microsoft.com/help/27936)|If a mouse is difficult to use, you can control the pointer by using your numeric keypad.|
## Cognition
| Accessibility feature | Description|
|---------------------------|------------|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721) | Fluent Sitka Small and Fluent Calibri are fonts that address "visual crowding" by adding character and enhance word and line spacing. |
| [Edge Reading View](https://support.microsoft.com/help/17204/windows-10-take-your-reading-with-you) | Clears distracting content from web pages so you can stay focused on what you really want to read. |
| [Edge includes an e-book reader](https://support.microsoft.com/help/4014945) | The Microsoft Edge e-book reader includes options to increase text spacing and read text aloud to help make it easier for everyone to read and enjoy text, including people with learning differences like dyslexia and English language learners. |
## Assistive technology devices built into Windows 10
| Assistive technology | How it helps |
|---------------------------|------------|
| [Hear text read aloud with Narrator](https://support.microsoft.com/help/17173) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
| [Use Speech Recognition]( https://support.microsoft.com/help/17208 ) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
| [Save time with keyboard shortcuts]( https://support.microsoft.com/help/17189) | Keyboard shortcuts for apps and desktops.|
## Other resources
[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
[Designing accessible software]( https://msdn.microsoft.com/windows/uwp/accessibility/designing-inclusive-software)
[Inclusive Design](https://www.microsoft.com/design/inclusive)
[Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide)

View File

@ -0,0 +1,117 @@
---
title: Windows accessibility information for IT Pros
description: Lists the various accessibility features available in Windows client with links to detailed guidance on how to set them.
ms.prod: windows-client
ms.technology: itpro-configure
ms.author: lizlong
author: lizgt2000
ms.reviewer:
manager: aaroncz
ms.localizationpriority: medium
ms.date: 09/20/2022
ms.topic: reference
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Accessibility information for IT professionals
Microsoft is dedicated to making its products and services accessible and usable for everyone. Windows includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows.
This article helps you as the IT administrator learn about built-in accessibility features. It also includes recommendations for how to support people in your organization who use these features.
Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).<!-- 6294246 -->
## General recommendations
- **Be aware of Ease of Access settings**. Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows.
- **Don't block settings**. Avoid using group policy or MDM settings that override Ease of Access settings.
- **Encourage choice**. Allow people in your organization to customize their computers based on their needs. That customization might be installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
- [Use Narrator to use devices without a screen](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1). Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices. Starting in Windows 11, version 22H2, Narrator includes more natural voices.
- [Create accessible apps](/windows/apps/develop/accessibility). You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.
- Use keyboard shortcuts. Get the most out of Windows with shortcuts for apps and desktops.
- [Keyboard shortcuts in Windows](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec)
- [Narrator keyboard commands and touch gestures](https://support.microsoft.com/windows/appendix-b-narrator-keyboard-commands-and-touch-gestures-8bdab3f4-b3e9-4554-7f28-8b15bd37410a)
- [Windows keyboard shortcuts for accessibility](https://support.microsoft.com/windows/windows-keyboard-shortcuts-for-accessibility-021bcb62-45c8-e4ef-1e4f-41b8c1fc87fd)
- Get closer with [Magnifier](https://support.microsoft.com/windows/use-magnifier-to-make-things-on-the-screen-easier-to-see-414948ba-8b1c-d3bd-8615-0e5e32204198). Magnifier enlarges all or part of your screen and offers various configuration settings.
- [Make Windows easier to see](https://support.microsoft.com/windows/make-windows-easier-to-see-c97c2b0d-cadb-93f0-5fd1-59ccfe19345d).
- Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.
- Adjust the size of text, icons, and other screen items to make them easier to see.
- Many high-contrast themes are available to suit your needs.
- [Have Cortana assist](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes speech recognition that lets you tell it what to do.
- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
- [Keep notifications around longer](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
- [Read in Braille](https://support.microsoft.com/windows/chapter-8-using-narrator-with-braille-3e5f065b-1c9d-6eb2-ec6d-1d07c9e94b20). Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.
## Hearing
- [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
- [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
- [Make Windows easier to hear](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1).
- Replace audible alerts with visual alerts.
- If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
- Send all sounds to both left and right channels, which is helpful for those people with partial hearing loss or deafness in one ear.
- [Read spoken words with captioning](https://support.microsoft.com/windows/change-caption-settings-135c465b-8cfd-3bac-9baf-4af74bc0069a). You can customize things like color, size, and background transparency to suit your needs and tastes.
- Use the [Azure Cognitive Services Translator](/azure/cognitive-services/translator/) service to add machine translation to your solutions.
## Physical
- [Have Cortana assist you](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
- [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes voice recognition that lets you tell it what to do.
- [Use the On-Screen Keyboard (OSK)](https://support.microsoft.com/windows/use-the-on-screen-keyboard-osk-to-type-ecbb5e08-5b4e-d8c8-f794-81dbf896267a). Instead of relying on a physical keyboard, use the OSK to enter data and select keys with a mouse or other pointing device. It also offers word prediction and completion.
- [Make your mouse, keyboard, and other input devices easier to use](https://support.microsoft.com/windows/make-your-mouse-keyboard-and-other-input-devices-easier-to-use-10733da7-fa82-88be-0672-f123d4b3dcfe).
- If you have limited control of your hands, you can personalize your keyboard to do helpful things like ignore repeated keys.
- If a mouse is difficult to use, you can control the pointer by using your numeric keypad.
## Cognition
- [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
- [Download and use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721). **Fluent Sitka Small** and **Fluent Calibri** are fonts that address "visual crowding" by adding character and enhance word and line spacing.
- [Microsoft Edge reading view](https://support.microsoft.com/windows/take-your-reading-with-you-b6699255-4436-708e-7b93-4d2e19a15af8). Clears distracting content from web pages so you can stay focused on what you really want to read.
## Assistive technology devices built into Windows
- [Hear text read aloud with Narrator](https://support.microsoft.com/windows/hear-text-read-aloud-with-narrator-040f16c1-4632-b64e-110a-da4a0ac56917). Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.
- [Use voice recognition](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571).
- [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec).
## Other resources
[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
[Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software)
[Inclusive design](https://www.microsoft.com/design/inclusive)
[Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide)
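Review bot: In the Cognition list, the fonts bullet says the fonts address "visual crowding" by "adding character and enhance word and line spacing", which does not parse; reword it so the verb forms agree and it is clear what is being added. Separately, the Vision bullet "Keep notifications around longer" links to the make-windows-easier-to-hear article and repeats the Hearing sub-bullet almost word for word, so consider keeping that guidance in one place.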

View File

@ -100,8 +100,8 @@ landingContent:
- linkListType: learn - linkListType: learn
links: links:
- text: Plan to deploy updates for Windows 10 and Microsoft 365 Apps - text: Plan to deploy updates for Windows 10 and Microsoft 365 Apps
url: /learn/modules/windows-plan url: /training/modules/windows-plan
- text: Prepare to deploy updates for Windows 10 and Microsoft 365 Apps - text: Prepare to deploy updates for Windows 10 and Microsoft 365 Apps
url: /learn/modules/windows-prepare/ url: /training/modules/windows-prepare/
- text: Deploy updates for Windows 10 and Microsoft 365 Apps - text: Deploy updates for Windows 10 and Microsoft 365 Apps
url: /learn/modules/windows-deploy url: /training/modules/windows-deploy

View File

@ -2,9 +2,9 @@
title: Deploy Windows client updates with Configuration Manager title: Deploy Windows client updates with Configuration Manager
description: Deploy Windows client updates with Configuration Manager description: Deploy Windows client updates with Configuration Manager
ms.prod: w10 ms.prod: w10
author: aczechowski author: mestew
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: mstewart
ms.reviewer: ms.reviewer:
manager: dougeby manager: dougeby
ms.topic: article ms.topic: article

View File

@ -88,8 +88,8 @@ The Microsoft Graph SDK includes a PowerShell extension that you can use to scri
### Building your own application ### Building your own application
Microsoft Graph makes deployment service APIs available through. Get started with these learning paths: Microsoft Graph makes deployment service APIs available through. Get started with these learning paths:
- Learning Path: [Microsoft Graph Fundamentals](/learn/paths/m365-msgraph-fundamentals/) - Learning path: [Microsoft Graph Fundamentals](/training/paths/m365-msgraph-fundamentals/)
- Learning Path: [Build apps with Microsoft Graph](/learn/paths/m365-msgraph-associate/) - Learning path: [Build apps with Microsoft Graph](/training/paths/m365-msgraph-associate/)
Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more. Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
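Review bot: The unchanged sentence just above the edited bullets, "Microsoft Graph makes deployment service APIs available through.", ends without an object after "through". This hunk already touches the two bullets that follow it, so complete or trim that sentence in the same change.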

View File

@ -10,6 +10,7 @@ ms.topic: article
ms.custom: ms.custom:
- seo-marvel-apr2020 - seo-marvel-apr2020
ms.collection: highpri ms.collection: highpri
date: 09/22/2022
--- ---
# Manage device restarts after updates # Manage device restarts after updates
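Review bot: The added front-matter key is `date: 09/22/2022`, while every other metadata key visible in this block (`ms.custom`, `ms.collection`, `ms.topic`) carries the `ms.` prefix. Confirm whether `ms.date` was intended; if the build ignores an unprefixed `date`, the article will not pick up the new date.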
@ -18,11 +19,11 @@ ms.collection: highpri
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both. You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
## Schedule update installation ## Schedule update installation
@ -100,15 +101,27 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan
## Limit restart delays ## Limit restart delays
After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14. After an update is installed, Windows attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14.
## Control restart notifications ## Control restart notifications
In Windows 10, version 1703, we have added settings to control restart notifications for users. ### Display options for update notifications
Starting in Windows 10 version 1809, you can define which Windows Update notifications are displayed to the user. This policy doesn't control how and when updates are downloaded and installed. You can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values:
**0** (default) - Use the default Windows Update notifications </br>
**1** - Turn off all notifications, excluding restart warnings </br>
**2** - Turn off all notifications, including restart warnings </br>
To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-configuration-service-provider#update-updatenotificationlevel).
Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. <!--6286260-->
To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-csp-update#update-NoUpdateNotificationDuringActiveHours).
### Auto-restart notifications ### Auto-restart notifications
Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. This setting was added in Windows 10, version 1703.
To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it. To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it.
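Review bot: The second added "To configure this behavior through MDM" sentence, the one after the **Apply only during active hours** paragraph, reuses the link text **Update/UpdateNotificationLevel** but targets the anchor `#update-NoUpdateNotificationDuringActiveHours`. The link text should name the policy the anchor points to, otherwise the page shows two identical MDM instructions for two different settings. The two sentences also link to different pages (`policy-configuration-service-provider` and `policy-csp-update`); pick one form for both.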
@ -198,10 +211,10 @@ There are three different registry combinations for controlling restart behavior
## Related articles ## Related articles
- [Update Windows 10 in the enterprise](index.md) - [Update Windows in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md) - [Overview of Windows as a service](waas-overview.md)
- [Configure Delivery Optimization for Windows 10 updates](../do/waas-delivery-optimization.md) - [Configure Delivery Optimization for Windows updates](../do/waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) - [Configure BranchCache for Windows updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md) - [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)

View File

@ -3,12 +3,12 @@ title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update. description: In this article, learn about additional settings to control the behavior of Windows Update.
ms.prod: w10 ms.prod: w10
ms.localizationpriority: medium ms.localizationpriority: medium
author: aczechowski author: mestew
ms.author: aaroncz ms.author: mstewart
manager: dougeby manager: aaroncz
ms.topic: article ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri ms.collection: highpri
date: 09/22/2022
--- ---
# Manage additional Windows Update settings # Manage additional Windows Update settings
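Review bot: This front matter changes `manager:` from dougeby to aaroncz, while the Configuration Manager article in the same commit receives the same author change but keeps `manager: dougeby`. If the manager change is intended, apply it to both files; if not, revert it here. The added `date:` key also lacks the `ms.` prefix used by the neighbouring keys, and `ms.custom: seo-marvel-apr2020` is dropped without being mentioned anywhere in the change.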
@ -36,6 +36,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure
| [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | | [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All |
| [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 | | [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 |
| [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | All | | [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | All |
| | [Windows Update notifications display organization name](#bkmk_display-name) </br></br> *Organization name is displayed by default. A registry value can disable this behavior. | Windows 11 devices that are Azure Active Directory joined or registered <!--6286260-->|
>[!IMPORTANT] >[!IMPORTANT]
>Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**. >Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**.
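Review bot: The added table row starts with an empty first cell, so the "Windows Update notifications display organization name" link lands in the MDM column even though the row's own text says the behavior is controlled by a registry value, not an MDM policy. Move the link to the first column or say explicitly that no Group Policy or MDM setting exists. The footnote text begins with a lone `*` ("*Organization name is displayed by default"), which has no matching marker and may render as stray emphasis. The row also says "joined or registered", while the new section lists hybrid Azure AD joined devices as well.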
@ -230,7 +231,7 @@ To do this, follow these steps:
> [!NOTE] > [!NOTE]
> This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. To use Automatic Updates with a server that is running Windows Software Update Services (WSUS), see the [Deploying Microsoft Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services) guidance.
When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again. When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again.
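Review bot: The rewritten sentence expands WSUS as "Windows Software Update Services (WSUS)", but the link text in the same sentence, and the product name, is "Windows Server Update Services". Use the same expansion in both places.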
@ -246,3 +247,32 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
* WUStatusServer (REG_SZ) * WUStatusServer (REG_SZ)
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
## <a name="bkmk_display-name"> </a> Display organization name in Windows Update notifications
<!--6286260-->
When Windows 11 clients are associated with an Azure AD tenant, the organization name appears in the Windows Update notifications. For instance, when you have a compliance deadline configured for Windows Update for Business, the user notification will display a message similar to **Contoso requires important updates to be installed**. The organization name will also display on the **Windows Update** page in the **Settings** for Windows 11.
The organization name appears automatically for Windows 11 clients that are associated with Azure AD in any of the following ways:
- [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join)
- [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register)
- [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
To disable displaying the organization name in Windows Update notifications, add or modify the following in the registry:
- **Registry key**: `HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsUpdate\Orchestrator\Configurations`
- **DWORD value name**: UsoDisableAADJAttribution
- **Value data:** 1
The following PowerShell script is provided as an example to you:
```powershell
$registryPath = "HKLM:\Software\Microsoft\WindowsUpdate\Orchestrator\Configurations"
$Name = "UsoDisableAADJAttribution"
$value = "1"
if (!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
}
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null
```
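Review bot: In the example script, `$value = "1"` is a string that is then written with `-PropertyType DWORD`, and the variable is declared as `$Name` but read as `$name`. PowerShell converts the string and ignores the case difference, so the script runs, but an integer literal and consistent casing would make the sample say what it means. The script writes under HKLM, so the text should state that it needs an elevated session. The lead-in "is provided as an example to you" can be shortened to "The following PowerShell script is an example:".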

View File

@ -178,12 +178,14 @@ There are additional settings that affect the notifications.
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values: We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values:
**0** (default) Use the default Windows Update notifications **0** (default) - Use the default Windows Update notifications </br>
**1** Turn off all notifications, excluding restart warnings **1** - Turn off all notifications, excluding restart warnings </br>
**2** Turn off all notifications, including restart warnings **2** - Turn off all notifications, including restart warnings </br>
Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
> [!NOTE] > [!NOTE]
> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled. > Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. <!--6286260-->
Still more options are available in **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart restart warning notifications schedule for updates**. This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update and to specify the period for auto-restart imminent warning notifications (15-60 minutes is the default). We recommend using the default notifications. Still more options are available in **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart restart warning notifications schedule for updates**. This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update and to specify the period for auto-restart imminent warning notifications (15-60 minutes is the default). We recommend using the default notifications.
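Review bot: The new note's last sentence ("a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when ... is configured") is hard to parse: it is unclear whether the deadline is a condition for the notification or a second, separate case. Split it into two sentences that state when notifications are suppressed and when the deadline overrides that. The Option **2** caveat was moved out of the `[!NOTE]` block into body text, and the plain sentence now sits directly after the `</br>` list; confirm it still renders as its own paragraph.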

View File

@ -444,14 +444,14 @@ System Information:
Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again. Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015 Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015
Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information. Refer to https://learn.microsoft.com/windows/deployment/upgrade/upgrade-error-codes for error information.
``` ```
### XML log sample ### XML log sample
```xml ```xml
<?xml version="1.0" encoding="utf-16"?> <?xml version="1.0" encoding="utf-16"?>
<SetupDiag xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://docs.microsoft.com/windows/deployment/upgrade/setupdiag"> <SetupDiag xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://learn.microsoft.com/windows/deployment/upgrade/setupdiag">
<Version>1.6.0.0</Version> <Version>1.6.0.0</Version>
<ProfileName>FindSPFatalError</ProfileName> <ProfileName>FindSPFatalError</ProfileName>
<ProfileGuid>A4028172-1B09-48F8-AD3B-86CDD7D55852</ProfileGuid> <ProfileGuid>A4028172-1B09-48F8-AD3B-86CDD7D55852</ProfileGuid>
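Review bot: In the XML log sample, the `xmlns` value on the `<SetupDiag>` element is changed from the docs.microsoft.com URI to the learn.microsoft.com one. A namespace URI is an identifier written by the tool, not a link to be kept current, and the sample still reports `<Version>1.6.0.0</Version>`. Unless that version of SetupDiag emits the new URI, leave the sample output as the tool produces it, and apply the same check to the "Refer to https://..." line inside the text log sample in this hunk.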
@ -494,7 +494,7 @@ Error: 0x00000057</FailureData>
<FailureData>LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]</FailureData> <FailureData>LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]</FailureData>
<FailureData>LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]</FailureData> <FailureData>LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]</FailureData>
<FailureData> <FailureData>
Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information.</FailureData> Refer to "https://learn.microsoft.com/windows/desktop/Debug/system-error-codes" for error information.</FailureData>
<FailureDetails>Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel</FailureDetails> <FailureDetails>Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel</FailureDetails>
</SetupDiag> </SetupDiag>
``` ```
@ -548,7 +548,7 @@ Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" f
"LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[ "LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5\/2\/2019 to structure[
gle=0x00000057 gle=0x00000057
]", ]",
"\u000aRefer to \"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/Debug\/system-error-codes\" for error information." "\u000aRefer to \"https:\/\/learn.microsoft.com\/windows\/desktop\/Debug\/system-error-codes\" for error information."
], ],
"FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel", "FailureDetails":"Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel",
"DeviceDriverInfo":null, "DeviceDriverInfo":null,
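Review bot: The edited string in the JSON log sample does more than swap the host: it also removes the `\/en-us` path segment that the original quoted output contained. This is captured tool output, so either keep it verbatim or confirm that the tool now emits exactly this string.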

View File

@ -105,7 +105,7 @@ conceptualContent:
- url: /windows/configuration/provisioning-packages/provisioning-packages - url: /windows/configuration/provisioning-packages/provisioning-packages
itemType: how-to-guide itemType: how-to-guide
text: Use Provisioning packages to configure new devices text: Use Provisioning packages to configure new devices
- url: /windows/configuration/windows-10-accessibility-for-itpros - url: /windows/configuration/windows-accessibility-for-itpros
itemType: overview itemType: overview
text: Accessibility information for IT Pros text: Accessibility information for IT Pros
- url: /windows/configuration/customize-start-menu-layout-windows-11 - url: /windows/configuration/customize-start-menu-layout-windows-11

View File

@ -68,50 +68,50 @@ productDirectory:
# # Card # # Card
# - title: cardtitle1 # - title: cardtitle1
# links: # links:
# - url: file1.md OR https://docs.microsoft.com/file1 # - url: file1.md OR https://learn.microsoft.com/file1
# itemType: itemType # itemType: itemType
# text: linktext1 # text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2 # - url: file2.md OR https://learn.microsoft.com/file2
# itemType: itemType # itemType: itemType
# text: linktext2 # text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3 # - url: file3.md OR https://learn.microsoft.com/file3
# itemType: itemType # itemType: itemType
# text: linktext3 # text: linktext3
# # footerLink (optional) # # footerLink (optional)
# footerLink: # footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter # url: filefooter.md OR https://learn.microsoft.com/filefooter
# text: See more # text: See more
# # Card # # Card
# - title: cardtitle2 # - title: cardtitle2
# links: # links:
# - url: file1.md OR https://docs.microsoft.com/file1 # - url: file1.md OR https://learn.microsoft.com/file1
# itemType: itemType # itemType: itemType
# text: linktext1 # text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2 # - url: file2.md OR https://learn.microsoft.com/file2
# itemType: itemType # itemType: itemType
# text: linktext2 # text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3 # - url: file3.md OR https://learn.microsoft.com/file3
# itemType: itemType # itemType: itemType
# text: linktext3 # text: linktext3
# # footerLink (optional) # # footerLink (optional)
# footerLink: # footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter # url: filefooter.md OR https://learn.microsoft.com/filefooter
# text: See more # text: See more
# # Card # # Card
# - title: cardtitle3 # - title: cardtitle3
# links: # links:
# - url: file1.md OR https://docs.microsoft.com/file1 # - url: file1.md OR https://learn.microsoft.com/file1
# itemType: itemType # itemType: itemType
# text: linktext1 # text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2 # - url: file2.md OR https://learn.microsoft.com/file2
# itemType: itemType # itemType: itemType
# text: linktext2 # text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3 # - url: file3.md OR https://learn.microsoft.com/file3
# itemType: itemType # itemType: itemType
# text: linktext3 # text: linktext3
# # footerLink (optional) # # footerLink (optional)
# footerLink: # footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter # url: filefooter.md OR https://learn.microsoft.com/filefooter
# text: See more # text: See more
# # tools section (optional) # # tools section (optional)
@ -122,15 +122,15 @@ productDirectory:
# # Card # # Card
# - title: cardtitle1 # - title: cardtitle1
# # imageSrc should be square in ratio with no whitespace # # imageSrc should be square in ratio with no whitespace
# imageSrc: ./media/index/image1.svg OR https://docs.microsoft.com/media/logos/image1.svg # imageSrc: ./media/index/image1.svg OR https://learn.microsoft.com/media/logos/image1.svg
# url: file1.md # url: file1.md
# # Card # # Card
# - title: cardtitle2 # - title: cardtitle2
# imageSrc: ./media/index/image2.svg OR https://docs.microsoft.com/media/logos/image2.svg # imageSrc: ./media/index/image2.svg OR https://learn.microsoft.com/media/logos/image2.svg
# url: file2.md # url: file2.md
# # Card # # Card
# - title: cardtitle3 # - title: cardtitle3
# imageSrc: ./media/index/image3.svg OR https://docs.microsoft.com/media/logos/image3.svg # imageSrc: ./media/index/image3.svg OR https://learn.microsoft.com/media/logos/image3.svg
# url: file3.md # url: file3.md
# additionalContent section (optional) # additionalContent section (optional)
@ -144,15 +144,15 @@ productDirectory:
# # Card # # Card
# - title: cardtitle1 # - title: cardtitle1
# summary: cardsummary1 # summary: cardsummary1
# url: file1.md OR https://docs.microsoft.com/file1 # url: file1.md OR https://learn.microsoft.com/file1
# # Card # # Card
# - title: cardtitle2 # - title: cardtitle2
# summary: cardsummary2 # summary: cardsummary2
# url: file1.md OR https://docs.microsoft.com/file2 # url: file1.md OR https://learn.microsoft.com/file2
# # Card # # Card
# - title: cardtitle3 # - title: cardtitle3
# summary: cardsummary3 # summary: cardsummary3
# url: file1.md OR https://docs.microsoft.com/file3 # url: file1.md OR https://learn.microsoft.com/file3
# # footer (optional) # # footer (optional)
# footer: "footertext [linktext](/footerfile)" # footer: "footertext [linktext](/footerfile)"


@ -8,10 +8,16 @@
items: items:
- name: Overview - name: Overview
href: hardware.md href: hardware.md
- name: Microsoft Pluton security processor
items:
- name: Microsoft Pluton overview
href: information-protection/pluton/microsoft-pluton-security-processor.md
- name: Microsoft Pluton as TPM
href: information-protection/pluton/pluton-as-tpm.md
- name: Trusted Platform Module - name: Trusted Platform Module
href: information-protection/tpm/trusted-platform-module-top-node.md href: information-protection/tpm/trusted-platform-module-top-node.md
items: items:
- name: Trusted Platform Module Overview - name: Trusted Platform Module overview
href: information-protection/tpm/trusted-platform-module-overview.md href: information-protection/tpm/trusted-platform-module-overview.md
- name: TPM fundamentals - name: TPM fundamentals
href: information-protection/tpm/tpm-fundamentals.md href: information-protection/tpm/tpm-fundamentals.md
@ -149,6 +155,14 @@
href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md
- name: Decode Measured Boot logs to track PCR changes - name: Decode Measured Boot logs to track PCR changes
href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
- name: Personal Data Encryption (PDE)
items:
- name: Personal Data Encryption (PDE) overview
href: information-protection/personal-data-encryption/overview-pde.md
- name: Personal Data Encryption (PDE) (FAQ)
href: information-protection/personal-data-encryption/faq-pde.yml
- name: Configure Personal Data Encryption (PDE) in Intune
href: information-protection/personal-data-encryption/configure-pde-in-intune.md
- name: Configure S/MIME for Windows - name: Configure S/MIME for Windows
href: identity-protection/configure-s-mime.md href: identity-protection/configure-s-mime.md
- name: Network security - name: Network security
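Review bot: The new entry `name: Personal Data Encryption (PDE) (FAQ)` puts FAQ in parentheses, while the See also links added elsewhere in this commit read "Personal Data Encryption (PDE) FAQ". Use one form so the table of contents and the cross-links match.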


@ -2,17 +2,17 @@
title: Encryption and data protection in Windows title: Encryption and data protection in Windows
description: Get an overview encryption and data protection in Windows 11 and Windows 10 description: Get an overview encryption and data protection in Windows 11 and Windows 10
search.appverid: MET150 search.appverid: MET150
author: denisebmsft author: frankroj
ms.author: deniseb ms.author: frankroj
manager: dansimp manager: aaroncz
ms.topic: conceptual ms.topic: overview
ms.date: 09/08/2021 ms.date: 09/22/2022
ms.prod: m365-security ms.prod: windows-client
ms.technology: windows-sec ms.technology: itpro-security
ms.localizationpriority: medium ms.localizationpriority: medium
ms.collection: ms.collection:
ms.custom: ms.custom:
ms.reviewer: deepakm, rafals ms.reviewer: rafals
--- ---
# Encryption and data protection in Windows client # Encryption and data protection in Windows client
@ -32,8 +32,8 @@ Encrypted hard drives provide:
- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. - Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system. - Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system.
- Ease of use: Encryption is transparent to the user, and the user does not need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. - Ease of use: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there's no need to re-encrypt data on the drive.
- Lower cost of ownership: There is no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. - Lower cost of ownership: There's no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process.
Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption.
@ -45,8 +45,14 @@ BitLocker provides encryption for the operating system, fixed data, and removabl
Windows consistently improves data protection by improving existing options and providing new strategies. Windows consistently improves data protection by improving existing options and providing new strategies.
## Personal Data Encryption (PDE)
<!-- Max 5963468 OS 32516487 -->
(*Applies to: Windows 11, version 22H2 and later*)
[!INCLUDE [Personal Data Encryption (PDE) description](information-protection/personal-data-encryption/includes/pde-description.md)]
## See also ## See also
- [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md) - [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md)
- [BitLocker](information-protection/bitlocker/bitlocker-overview.md) - [BitLocker](information-protection/bitlocker/bitlocker-overview.md)
- [Personal Data Encryption (PDE)](information-protection/personal-data-encryption/overview-pde.md)
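Review bot: The new PDE section is marked "(*Applies to: Windows 11, version 22H2 and later*)", while overview-pde.md in this same commit limits PDE to "Windows 11, version 22H2 and later Enterprise and Education editions". Carry the edition limit into this line so the overview does not suggest wider availability than the feature page states.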


@ -25,6 +25,8 @@ appliesto:
param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier) param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier)
Set-StrictMode -Version Latest
$path = "C:\DGLogs\" $path = "C:\DGLogs\"
$LogFile = $path + "DeviceGuardCheckLog.txt" $LogFile = $path + "DeviceGuardCheckLog.txt"
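Review bot: `Set-StrictMode -Version Latest` is added at script scope directly after the `param(...)` block, so it applies to every function in the script. Under strict mode, reads of uninitialized variables and of nonexistent properties become terminating errors instead of evaluating to `$null`. The rest of the script is not visible in this hunk, so confirm that each switch path declared in `param` (`-Capable`, `-Ready`, `-Enable`, `-Disable`, `-Clear`, `-ResetVerifier`) was exercised after this change. Consider pinning an explicit version instead of `Latest`, so the rule set does not change with the PowerShell version on the device.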
@ -796,7 +798,13 @@ function CheckOSArchitecture
function CheckSecureBootState function CheckSecureBootState
{ {
try {
$_secureBoot = Confirm-SecureBootUEFI $_secureBoot = Confirm-SecureBootUEFI
}
catch
{
$_secureBoot = $false
}
Log $_secureBoot Log $_secureBoot
if($_secureBoot) if($_secureBoot)
{ {
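Review bot: The bare `catch` in `CheckSecureBootState` turns every failure of `Confirm-SecureBootUEFI` into `$_secureBoot = $false`. A session that is not elevated, or a platform where the cmdlet is not supported, is therefore logged exactly like a device with Secure Boot turned off. Record the exception message inside the `catch`, for example through the existing `Log` function, before assigning `$false`, so that someone reading DeviceGuardCheckLog.txt can tell "could not query" from "disabled".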

Binary file not shown.


Binary file not shown.



@ -0,0 +1,124 @@
---
title: Configure Personal Data Encryption (PDE) in Intune
description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
---
<!-- Max 5963468 OS 32516487 -->
# Configure Personal Data Encryption (PDE) policies in Intune
## Required prerequisites
### Enable Personal Data Encryption (PDE)
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Templates**
6. Under **Template name**, select **Custom**, and then select **Create**
7. On the ****Basics** tab:
1. Next to **Name**, enter **Personal Data Encryption**
2. Next to **Description**, enter a description
8. Select **Next**
9. On the **Configuration settings** tab, select **Add**
10. In the **Add Row** window:
1. Next to **Name**, enter **Personal Data Encryption**
2. Next to **Description**, enter a description
3. Next to **OMA-URI**, enter in **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
4. Next to **Data type**, select **Integer**
5. Next to **Value**, enter in **1**
11. Select **Save**, and then select **Next**
12. On the **Assignments** tab:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the PDE policy should be deployed to
3. Select **Select**
4. Select **Next**
13. On the **Applicability Rules** tab, configure if necessary and then select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
#### Disable Winlogon automatic restart sign-on (ARSO)
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Templates**
6. Under **Template name**, select **Administrative templates**, and then select **Create**
7. On the ****Basics** tab:
1. Next to **Name**, enter **Disable ARSO**
2. Next to **Description**, enter a description
8. Select **Next**
9. On the **Configuration settings** tab, under **Computer Configuration**, navigate to **Windows Components** > **Windows Logon Options**
10. Select **Sign-in and lock last interactive user automatically after a restart**
11. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK**
12. Select **Next**
13. On the **Scope tags** tab, configure if necessary and then select **Next**
12. On the **Assignments** tab:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the ARSO policy should be deployed to
3. Select **Select**
4. Select **Next**
13. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
## Recommended prerequisites
#### Disable crash dumps
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. On the ****Basics** tab:
1. Next to **Name**, enter **Disable Hibernation**
2. Next to **Description**, enter a description
7. Select **Next**
8. On the **Configuration settings** tab, select **Add settings**
9. In the **Settings picker** windows, select **Memory Dump**
10. When the settings appear in the lower pane, under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Change both **Allow Live Dump** and **Allow Crash Dump** to **Block**, and then select **Next**
12. On the **Scope tags** tab, configure if necessary and then select **Next**
13. On the **Assignments** tab:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the crash dumps policy should be deployed to
3. Select **Select**
4. Select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
#### Disable hibernation
1. Sign into the Intune
2. Navigate to **Devices** > **Configuration Profiles**
3. Select **Create profile**
4. Under **Platform**, select **Windows 10 and later**
5. Under **Profile type**, select **Settings catalog**, and then select **Create**
6. On the ****Basics** tab:
1. Next to **Name**, enter **Disable Hibernation**
2. Next to **Description**, enter a description
7. Select **Next**
8. On the **Configuration settings** tab, select **Add settings**
9. In the **Settings picker** windows, select **Power**
10. When the settings appear in the lower pane, under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window
11. Change **Allow Hibernate** to **Block**, and then select **Next**
12. On the **Scope tags** tab, configure if necessary and then select **Next**
13. On the **Assignments** tab:
1. Under **Included groups**, select **Add groups**
2. Select the groups that the hibernation policy should be deployed to
3. Select **Select**
4. Select **Next**
14. On the **Review + create** tab, review the configuration to make sure everything is configured correctly, and then select **Create**
## See also
- [Personal Data Encryption (PDE)](overview-pde.md)
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
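Review bot: In the "Disable crash dumps" procedure, step 6 tells the reader to name the profile **Disable Hibernation**, the same name the "Disable hibernation" procedure uses, so the crash dump profile ends up labelled as a hibernation profile. Use a name such as **Disable crash dumps**. The ARSO procedure numbers two steps 12 and two steps 13. Every procedure opens with "Sign into the Intune" and has `****Basics**` with stray asterisks. The heading levels are uneven: `### Enable Personal Data Encryption (PDE)` sits beside `#### Disable Winlogon automatic restart sign-on (ARSO)` under the same `##` heading.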


@ -0,0 +1,74 @@
### YamlMime:FAQ
metadata:
title: Frequently asked questions for Personal Data Encryption (PDE)
description: Answers to common questions regarding Personal Data Encryption (PDE).
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
ms.topic: faq
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
title: Frequently asked questions for Personal Data Encryption (PDE)
summary: |
Here are some answers to common questions regarding Personal Data Encryption (PDE)
sections:
- name: Single section - ignored
questions:
- question: Can PDE encrypt entire volumes or drives?
answer: |
No. PDE only encrypts specified files.
- question: Is PDE a replacement for BitLocker?
answer: |
No. It's still recommended to encrypt all volumes with BitLocker Drive Encryption for increased security.
- question: Can an IT admin specify which files should be encrypted?
answer: |
Yes, but it can only be done using the PDE APIs.
- question: Do I need to use OneDrive as my backup provider?
answer: |
No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the encryption keys used by PDE are lost. OneDrive is a recommended backup provider.
- question: What is the relation between Windows Hello for Business and PDE?
answer: |
Windows Hello for Business unlocks PDE encryption keys during user sign on.
- question: Can a file be encrypted with both PDE and EFS at the same time?
answer: |
No. PDE and EFS are mutually exclusive.
- question: Can a PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)?
answer: |
No. Accessing PDE encrypted files over RDP isn't currently supported.
- question: Can a PDE encrypted files be access via a network share?
answer: |
No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
- question: How can it be determined if a file is encrypted with PDE?
answer: |
Encrypted files will show a padlock on the file's icon. Additionally, `cipher.exe` can be used to show the encryption state of the file.
- question: Can users manually encrypt and decrypt files with PDE?
answer: |
Currently users can decrypt files manually but they can't encrypt files manually.
- question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files?
answer: |
No. PDE encryption keys are protected Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
- question: What encryption method and strength does PDE use?
answer: |
PDE uses AES-256 to encrypt files
additionalContent: |
## See also
- [Personal Data Encryption (PDE)](overview-pde.md)
- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
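Review bot: The answer to the password sign-in question reads "PDE encryption keys are protected Windows Hello for Business credentials". The word "by" is missing, in the one sentence that explains how the keys are protected. Two questions also need grammar fixes: "Can a PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)?" and "Can a PDE encrypted files be access via a network share?". The AES-256 answer lacks its closing period, and "polices" in the See also link should be "policies". The `cipher.exe` answer would be more useful with the `/c` switch that overview-pde.md names.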


@ -0,0 +1,27 @@
---
title: Personal Data Encryption (PDE) description
description: Personal Data Encryption (PDE) description include file
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
---
<!-- Max 5963468 OS 32516487 -->
Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it encrypts individual files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to files. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.
PDE is also accessibility friendly. For example, The BitLocker PIN entry screen doesn't have accessibility options. PDE however uses Windows Hello for Business, which does have accessibility features.
Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE encrypted files once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked.
> [!NOTE]
> PDE is currently only available to developers via [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or encrypt files via PDE. Also, although there is an MDM policy that can enable PDE, there are no MDM policies that can be used to encrypt files via PDE.
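Review bot: The last sentence of the fourth paragraph, "PDE has the ability to also discard the encryption keys when the device is locked", does not say that this depends on the protection level chosen through the PDE APIs. Because this include is also pulled into the general encryption overview, a reader there has no protection levels table to consult, so add a short qualifier or a link to that section. Smaller wording points: "This requirement requires users", the capital in "For example, The BitLocker PIN entry screen", and `ms.topic: how-to` on a description include.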


@ -0,0 +1,142 @@
---
title: Personal Data Encryption (PDE)
description: Personal Data Encryption unlocks user encrypted files at user sign in instead of at boot.
author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
ms.topic: how-to
ms.prod: windows-client
ms.technology: itpro-security
ms.localizationpriority: medium
ms.date: 09/22/2022
---
<!-- Max 5963468 OS 32516487 -->
# Personal Data Encryption (PDE)
(*Applies to: Windows 11, version 22H2 and later Enterprise and Education editions*)
[!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)]
## Prerequisites
### **Required**
- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join)
- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md)
- Windows 11, version 22H2 and later Enterprise and Education editions
### **Not supported with PDE**
- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md)
- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
- For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)).
- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- Remote Desktop connections
### **Highly recommended**
- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
- Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it.
- Backup solution such as [OneDrive](/onedrive/onedrive)
- In certain scenarios such as TPM resets or destructive PIN resets, the PDE encryption keys can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup.
- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
- Destructive PIN resets will cause PDE encryption keys to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
- Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
- [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump)
- Crash dumps can potentially cause the PDE encryption keys to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps).
- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
- Hibernation files can potentially cause the PDE encryption keys to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
## PDE protection levels
PDE uses AES-256 to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the PDE APIs.
| Item | Level 1 | Level 2 |
|---|---|---|
| Data is accessible when user is signed in | Yes | Yes |
| Data is accessible when user has locked their device | Yes | No |
| Data is accessible after user signs out | No | No |
| Data is accessible when device is shut down | No | No |
| Decryption keys discarded | After user signs out | After user locks device or signs out |
## PDE encrypted files accessibility
When a file is encrypted with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access a PDE encrypted file, they'll be denied access to the file.
Scenarios where a user will be denied access to a PDE encrypted file include:
- User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN.
- If specified via level 2 protection, when the device is locked.
- When trying to access files on the device remotely. For example, UNC network paths.
- Remote Desktop sessions.
- Other users on the device who aren't owners of the file, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE encrypted files.
## How to enable PDE
To enable PDE on devices, push an MDM policy to the devices with the following parameters:
- Name: **Personal Data Encryption**
- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
- Data type: **Integer**
- Value: **1**
There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it.
> [!NOTE]
> Enabling the PDE policy on devices only enables the PDE feature. It does not encrypt any files. To encrypt files, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager) to create custom applications and scripts to specify which files to encrypt and at what level to encrypt the files. Additionally, files will not encrypt via the APIs until this policy has been enabled.
For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](configure-pde-in-intune.md#enable-personal-data-encryption-pde).
## Differences between PDE and BitLocker
| Item | PDE | BitLocker |
|--|--|--|
| Release of encryption keys | At user sign in via Windows Hello for Business | At boot |
| Encryption keys discarded | At user sign out | At reboot |
| Files encrypted | Individual specified files | Entire volume/drive |
| Authentication to access encrypted file | Windows Hello for Business | When BitLocker with PIN is enabled, BitLocker PIN plus Windows sign in |
| Accessibility | Windows Hello for Business is accessibility friendly | BitLocker with PIN doesn't have accessibility features |
## Differences between PDE and EFS
The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the encryption keys that encrypts the files. EFS uses certificates to secure and encrypt the files.
To see if a file is encrypted with PDE or EFS:
1. Open the properties of the file
2. Under the **General** tab, select **Advanced...**
3. In the **Advanced Attributes** windows, select **Details**
For PDE encrypted files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**.
For EFS encrypted files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**.
Encryption information including what encryption method is being used can be obtained with the command line `cipher.exe /c` command.
## Disable PDE and decrypt files
Currently there's no method to disable PDE via MDM policy. However, PDE can be disabled locally and files can be decrypted using `cipher.exe`.
In certain scenarios a user may be able to manually decrypt a file using the following steps:
1. Open the properties of the file
2. Under the **General** tab, select **Advanced...**
3. Uncheck the option **Encrypt contents to secure data**
4. Select **OK**, and then **OK** again
> [!Important]
> Once a user selects to manually decrypt a file, they will not be able to manually encrypt the file again.
## Windows out of box applications that support PDE
Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE.
- Mail
- Supports encrypting both email bodies and attachments
## See also
- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
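Review bot: The "Differences between PDE and BitLocker" table gives "Encryption keys discarded" as "At user sign out", while the "PDE protection levels" table says level 2 discards decryption keys "After user locks device or signs out". Align the two so the lock behavior is not understated. "Disable PDE and decrypt files" states that PDE can be disabled locally and files decrypted using `cipher.exe`, but gives no command or switch for either action. The hibernation bullet reuses the crash dump sentence ("For information on disabling crash dumbs via Intune, see [Disable hibernation]"), and "dumbs" should be "dumps" in both bullets. The ARSO sub-bullet ends with a stray ")", and "polices" in the See also link should be "policies".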


@ -0,0 +1,52 @@
---
title: Microsoft Pluton security processor
description: Learn more about Microsoft Pluton security processor
ms.reviewer:
ms.prod: m365-security
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.localizationpriority: medium
ms.collection:
- M365-security-compliance
ms.topic: conceptual
ms.date: 09/15/2022
appliesto:
- ✅ <b>Windows 11, version 22H2</b>
---
# Microsoft Pluton security processor
Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.
Microsoft Pluton is currently available on devices with Ryzen 7000 and Qualcomm Snapdragon® 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
## What is Microsoft Pluton?
Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data and encryption keys. Information is significantly harder to be removed even if an attacker has installed malware or has complete physical possession of the PC.
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module as well as deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for additional Pluton firmware and OS features to be delivered over time via Windows Update. For more information, see [Microsoft Pluton as TPM](pluton-as-tpm.md).
Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see [Meet the Microsoft Pluton processor The security chip designed for the future of Windows PCs](https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/).
## Microsoft Pluton security architecture overview
![Diagram showing the Microsoft Pluton security processor architecture](../images/pluton/pluton-security-architecture.png)
Pluton Security subsystem consists of the following layers:
| | Description |
|--|--|
| **Hardware** | Pluton Security Processor is a secure element tightly integrated into the SoC subsystem. It provides a trusted execution environment while delivering cryptographic services required for protecting sensitive resources and critical items like keys, data, etc. |
| **Firmware** | Microsoft authorized firmware provides required secure features and functionality, and exposes interfaces that operating system software and applications can use to interact with Pluton. The firmware is stored in the flash storage available on the motherboard. When the system boots, the firmware is loaded as a part of Pluton Hardware initialization. During Windows startup, a copy of this firmware (or the latest firmware obtained from Windows Update, if available) is loaded in the operating system. For additional information, see [Firmware load flow](#firmware-load-flow) |
| **Software** | Operating system drivers and applications available to an end user to allow seamless usage of the hardware capabilities provided by the Pluton security subsystem. |
## Firmware load flow
When the system boots, Pluton hardware initialization is performed by loading the Pluton firmware from the Serial Peripheral Interface (SPI) flash storage available on the motherboard. During Windows startup however, the latest version of the Pluton firmware is used by the operating system. If newer firmware is not available, Windows uses the firmware that was loaded during the hardware initialization. The diagram below illustrates this process:
![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png)
## Related topics
[Microsoft Pluton as TPM](pluton-as-tpm.md)
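Review bot: In the layers table, the Firmware row ends with "For additional information, see [Firmware load flow](#firmware-load-flow)" without a closing period, and the header row leaves the first column unlabeled; add the period and a column label such as "Layer". The same row says a copy of the firmware "is loaded in the operating system", while the "Firmware load flow" section says the latest version "is used by the operating system"; use one wording in both places so readers do not infer two different mechanisms. In the opening paragraph, the link text "Meet the Microsoft Pluton processor The security chip designed for the future of Windows PCs" runs the title and subtitle together and needs a separator, and "During Windows startup however," needs a comma before "however".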

View File

@ -0,0 +1,50 @@
---
title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
ms.reviewer:
ms.prod: m365-security
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.localizationpriority: medium
ms.collection:
- M365-security-compliance
ms.topic: conceptual
ms.date: 09/15/2022
appliesto:
- ✅ <b>Windows 11, version 22H2</b>
---
# Microsoft Pluton as Trusted Platform Module
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) thereby establishing the silicon root of trust. Microsoft Pluton supports the TPM 2.0 industry standard allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPM including BitLocker, Windows Hello, and Windows Defender System Guard.
As with other TPMs, credentials, encryption keys, and other sensitive information cannot be easily extracted from Pluton even if an attacker has installed malware or has complete physical possession of the device. Storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helps ensure that emerging attack techniques such as speculative execution cannot access key material.
Pluton also solves the major security challenge of keeping its own root-of-trust firmware up to date across the entire PC ecosystem, by delivering firmware updates from Windows Update. Today customers receive updates to their security firmware from a variety of different sources, which may make it difficult for them to apply these updates.
To learn more about the TPM related scenarios that benefit from Pluton, see [TPM and Windows Features](/windows/security/information-protection/tpm/tpm-recommendations#tpm-and-windows-features).
## Microsoft Pluton as a security processor alongside discrete TPM
Microsoft Pluton can be used as a TPM, or in conjunction with a TPM. Although Pluton builds security directly into the CPU, device manufacturers may choose to use discrete TPM as the default TPM, while having Pluton available to the system as a security processor for use cases beyond the TPM.
Pluton is integrated within the SoC subsystem, and provides a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. We encourage users owning devices that are Pluton capable, to enable Microsoft Pluton as the default TPM.
## Enable Microsoft Pluton as TPM
Devices with Ryzen 7000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
UEFI setup options differ from product to product, visit the product website and check for guidance to enable Pluton as TPM.
> [!WARNING]
> If BitLocker is enabled, We recommend disabling BitLocker before changing the TPM configuration to prevent lockouts. After changing TPM configuration, re-enable BitLocker which will then bind the BitLocker keys with the Pluton TPM. Alternatively, save the BitLocker recovery key onto a USB drive.
>
> Windows Hello must be re-configured after switching the TPM. Setup alternate login methods before changing the TPM configuration to prevent any login issues.
> [!TIP]
> On most Lenovo devices, entering the UEFI options requires pressing Enter key at startup followed by pressing F1. In the UEFI Setup menu, select Security option, then on the Security page, select Security Chip option, to see the TPM configuration options. Under the drop-down list for Security Chip selection, select **MSFT Pluton** and click F10 to Save and Exit.
## Related topics
[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)
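Review bot: The [!WARNING] block does not say whether "disabling BitLocker" means suspending protection or turning it off and decrypting the drive, and it offers "Alternatively, save the BitLocker recovery key onto a USB drive" only as a substitute; state which operation is meant, and consider recommending the recovery key backup in both cases, since it is the only fallback if the drive prompts for recovery after the TPM switch. In the same block, "We recommend" should be lowercase mid-sentence and "Setup alternate login methods" should read "Set up". In the [!TIP], F10 is a key, so "press F10" rather than "click F10". Under "Enable Microsoft Pluton as TPM", "Pluton Capable" should match the lowercase "Pluton capable" used in the previous section, "Ryzen 7000" should carry its vendor name the way the Qualcomm entry does, and "UEFI setup options differ from product to product, visit the product website" is a comma splice. The front matter also leaves `ms.reviewer:` empty; fill it in or drop the key.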

View File

@ -15,7 +15,7 @@ manager: aaroncz
ms.technology: windows-sec ms.technology: windows-sec
adobe-target: true adobe-target: true
appliesto: appliesto:
- ✅ <b>Windows 11 22H2</b> - ✅ <b>Windows 11, version 22H2</b>
--- ---
# Enhanced Phishing Protection in Microsoft Defender SmartScreen # Enhanced Phishing Protection in Microsoft Defender SmartScreen

Binary file not shown.


View File

@ -362,7 +362,7 @@ For more information about Update Compliance, see [Monitor Windows Updates with
### Accessibility ### Accessibility
"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in [What's new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/). "Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-accessibility-for-itpros). Also see the accessibility section in [What's new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/).
### Privacy ### Privacy

View File

@ -155,7 +155,7 @@ For more information, see: [Windows Hello and FIDO2 Security Keys enable secure
### Accessibility ### Accessibility
"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in the [Whats new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/) blog post. "Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](/windows/configuration/windows-accessibility-for-itpros). Also see the accessibility section in the [Whats new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/) blog post.
### Privacy ### Privacy
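Review bot: The changed line still carries the link text "[Whats new in the Windows 10 April 2018 Update]" without the apostrophe; since this line is being touched for the `/windows/configuration/windows-accessibility-for-itpros` path anyway, correct it to "What's new", which is how the same link is written in the other what's-new file changed in this commit.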

View File

@ -2,12 +2,14 @@
title: Windows 11 overview for administrators title: Windows 11 overview for administrators
description: Learn more about Windows 11. Read about the features IT professionals and administrators should know about Windows 11, including security, using apps, using Android apps, the new desktop, and deploying and servicing PCs. description: Learn more about Windows 11. Read about the features IT professionals and administrators should know about Windows 11, including security, using apps, using Android apps, the new desktop, and deploying and servicing PCs.
ms.reviewer: ms.reviewer:
manager: dougeby manager: aaroncz
author: aczechowski author: mestew
ms.author: aaroncz ms.author: mstewart
ms.prod: w10 ms.prod: windows-client
ms.date: 09/20/2022
ms.technology: itpro-fundamentals
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: overview
ms.collection: highpri ms.collection: highpri
ms.custom: intro-overview ms.custom: intro-overview
--- ---
@ -100,6 +102,12 @@ For more information on the security features you can configure, manage, and enf
You can also add Snap Layouts to apps your organization creates. For more information, see [Support snap layouts for desktop apps on Windows 11](/windows/apps/desktop/modernize/apply-snap-layout-menu). You can also add Snap Layouts to apps your organization creates. For more information, see [Support snap layouts for desktop apps on Windows 11](/windows/apps/desktop/modernize/apply-snap-layout-menu).
Starting in Windows 11, version 22H2, you can also activate snap layouts by dragging a window to the top of the screen. The feature is available for both mouse and touch.<!-- MAX 6294246, OS 32513582 -->
:::image type="content" source="images/windows-11-whats-new/windows-11-22h2-snap-layouts.png" alt-text="In Windows 11, version 22H2, activate snap layouts by dragging a window to the top of the screen.":::
For more information on the end-user experience, see [Snap your windows](https://support.microsoft.com/windows/snap-your-windows-885a9b1e-a983-a3b1-16cd-c531795e6241).
- **Start menu**: The Start menu includes some apps that are pinned by default. You can customize the Start menu layout by pinning (and unpinning) the apps you want. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more. - **Start menu**: The Start menu includes some apps that are pinned by default. You can customize the Start menu layout by pinning (and unpinning) the apps you want. For example, you can pin commonly used apps in your organization, such as Outlook, Microsoft Teams, apps your organization creates, and more.
Using policy, you can deploy your customized Start menu layout to devices in your organization. For more information, see [Customize the Start menu layout on Windows 11](/windows/configuration/customize-start-menu-layout-windows-11). Using policy, you can deploy your customized Start menu layout to devices in your organization. For more information, see [Customize the Start menu layout on Windows 11](/windows/configuration/customize-start-menu-layout-windows-11).
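Review bot: The added snap layouts sentence ends with the HTML comment `<!-- MAX 6294246, OS 32513582 -->`, which looks like internal work item tracking and will be readable in the public repository source; confirm that these IDs are meant to be published, or move them to the commit or PR description. The `alt-text` on the added `:::image` line repeats the preceding sentence almost word for word, so a screen reader user hears it twice; describe what the screenshot shows instead. Also confirm the three added paragraphs are indented to stay inside the snap layouts list item, because the next context line starts the "- **Start menu**" bullet and an unindented paragraph would break the list.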

View File

@ -114,4 +114,4 @@ You might already be using App Assure and Test Base in your Windows 10 environme
## Also see ## Also see
[Plan to deploy updates for Windows 10 and Microsoft 365 Apps](/learn/modules/windows-plan/) [Plan to deploy updates for Windows 10 and Microsoft 365 Apps](/training/modules/windows-plan/)

View File

@ -125,7 +125,7 @@ Don't overlook the importance of user readiness to deliver an effective, enterpr
## Learn more ## Learn more
See the [Stay current with Windows 10 and Microsoft 365 Apps](/learn/paths/m365-stay-current/) learning path. See the [Stay current with Windows 10 and Microsoft 365 Apps](/training/paths/m365-stay-current/) learning path.
- The learning path was created for Windows 10, but the basic principles and tasks outlined for the plan, prepare, and deploy phases also apply to your deployment of Windows 11. - The learning path was created for Windows 10, but the basic principles and tasks outlined for the plan, prepare, and deploy phases also apply to your deployment of Windows 11.