From 00fffaf676e00a5eba2f9dbeeb0a5a024d775e0e Mon Sep 17 00:00:00 2001 From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Wed, 30 Mar 2022 18:51:27 +0800 Subject: [PATCH 1/5] Update Hello FAQ to clarify lid closed case --- .../identity-protection/hello-for-business/hello-faq.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 7081a2b5d6..bb4c297899 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -79,10 +79,14 @@ sections: answer: | It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. - - question: Can I use an external Windows Hello compatible camera when my laptop is closed or docked? + - question: Can I use an external Windows Hello compatible camera when my computer has a built in Windows Hello compatible camera? answer: | Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). + - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? + answer: | + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. + - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. This sync is handled by Azure AD Connect and will occur during a normal sync cycle. From ec3db587d6fc0e75b0f40495a3ecd68884e4c8fd Mon Sep 17 00:00:00 2001 
From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Thu, 31 Mar 2022 12:43:45 +0800 Subject: [PATCH 2/5] Address the case of ESS devices --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index bb4c297899..5edb16893e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -85,7 +85,7 @@ sections: - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? answer: | - Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | From e5fae1e841988c0237b57d92e00895ea1b3b4d14 Mon Sep 17 00:00:00 2001 
From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Thu, 31 Mar 2022 13:50:00 +0800 Subject: [PATCH 3/5] Address the case of ESS devices again --- .../identity-protection/hello-for-business/hello-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 5edb16893e..5762e33ff9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -81,11 +81,11 @@ sections: - question: Can I use an external Windows Hello compatible camera when my computer has a built in Windows Hello compatible camera? answer: | - Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). + Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? answer: | - Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. 
However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | From 45e0643b0f0c6ff686374139b9457cd002a7f579 Mon Sep 17 00:00:00 2001 From: Scott Brondel Date: Mon, 4 Apr 2022 13:30:02 -0500 Subject: [PATCH 4/5] Fix incorrect EFI mount code The $EFIDestinationFolder needs a top-level \EFI folder in the path, which was not present in that line. To avoid potential confusion by having a C:\EFI\EFI\... structure in $MountPoint, I also changed $MountPoint from C:\EFI to C:\EFIMount for clarity. --- .../deployment/deploy-wdac-policies-with-script.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index e7c5dca396..43ecea1845 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
@@ -85,8 +85,8 @@ In addition to the steps outlined above, the binary policy file must also be cop 1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: ```powershell - $MountPoint = 'C:\EFI' - $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active" + $MountPoint = 'C:\EFIMount' + $EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active" $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0] mountvol $MountPoint $EFIPartition mkdir $EFIDestinationFolder From 9c63c01291e976925aaa3918594d30a974097f23 Mon Sep 17 00:00:00 2001 From: Foad Sojoodi Farimani Date: Wed, 6 Apr 2022 14:42:18 +0200 Subject: [PATCH 5/5] and --> or just a simple fix --- .../windows-sandbox/windows-sandbox-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 65b8c21047..bb68f8ea94 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -59,7 +59,7 @@ The following video provides an overview of Windows Sandbox. Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true ``` -3. Use the search bar on the task bar and type **Turn Windows Features on and off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. +3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
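Review bot: In PATCH 1/5, the added lid-closed answer in hello-faq.yml says some devices "may not use an external Windows Hello compatible camera", which can be read as either "are not permitted to" or "might be unable to". The next sentence calls it an issue that has been addressed, so "might not be able to use" states what is meant. "The latest Windows Insiders builds" and "the future version of Windows 11" will go stale as soon as the page is published; name the build or release that carries the fix if it is known. The reworded question in the same hunk also needs a hyphen in "built in Windows Hello compatible camera" ("built-in").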
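Review bot: The sentence added to the lid-closed answer in PATCH 2/5 uses "ESS" before it is expanded and joins two independent clauses with a comma ("... is restricted if ESS is enabled, please see ..."). Spell out Enhanced Sign-in Security (ESS) on first use and split the sentence, for example "... are restricted if Enhanced Sign-in Security (ESS) is enabled. For more information, see [Windows Hello Enhanced Sign-in Security](...)". The caveat also says only "restricted"; one clause on what is restricted would let an admin decide whether an external camera is usable on their devices without following the link. The link hard-codes the en-us locale; dropping that path segment lets the site serve the reader's own language.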
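Review bot: After PATCH 3/5 the built-in-camera answer still opens with an unconditional "Yes." and reaches the ESS restriction only after the "For more information, see [IT tools to support Windows 10, version 21H1]" link, so the sentence that qualifies the answer reads as an afterthought. Put the ESS sentence directly after the 21H1 statement and before that link, or open the answer with the condition. The relocated sentence also carries over the comma splice and the unexpanded "ESS" from PATCH 2/5. Since this commit only moves the sentence that PATCH 2/5 added to the other answer, the two commits can be squashed so hello-faq.yml shows one change for the ESS caveat.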
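Review bot: In PATCH 4/5, nothing in the snippet creates the new mount point before `mountvol $MountPoint $EFIPartition` runs; mountvol mounts onto an existing empty directory, and renaming the path to C:\EFIMount makes it less likely that one is already there. Add a guarded directory creation for $MountPoint ahead of the mountvol line. The step text in the hunk header says to make the directory "if it does not exist", but the trailing `mkdir $EFIDestinationFolder` is unconditional and reports an error on a machine where the CiPolicies\Active folder is already present, so wrap it in a Test-Path check to match the wording. The path fix itself (adding the top-level \EFI folder) matches the commit message.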
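Review bot: The subject of PATCH 5/5, "and --> or", does not say which string or which file is being corrected; something like "Fix Windows Features tool name in Windows Sandbox overview" makes the change findable in the log. While step 3 of windows-sandbox-overview.md is being touched, confirm that the capitalization of the bolded search text "Turn Windows Features on or off" matches the title shown in the Windows UI, because readers type it into the search bar as written.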