From bd94e19bc546e693c154d96534dd40aa7eb0c591 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 14:57:40 -0800 Subject: [PATCH 01/21] Added link to check RBAC perms in troubleshooting page --- windows/deployment/do/mcc-ent-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md index 60f3a726f3..02add1d90c 100644 --- a/windows/deployment/do/mcc-ent-troubleshooting.md +++ b/windows/deployment/do/mcc-ent-troubleshooting.md @@ -38,7 +38,7 @@ As a temporary workaround, the above error doesn't occur by changing the languag [Connected Cache Azure resource creation](mcc-ent-create-resource-and-cache.md) can be initiated using either the Azure portal user interface or the Azure CLI command set. -If you're encountering an error during resource creation, check that you have the necessary permissions to create Azure resources under your subscription and have filled out all required fields during the resource creation process. +If you're encountering an error during resource creation, [check that you have the necessary permissions to create Azure resources under your subscription](/azure/role-based-access-control/check-access) and have filled out all required fields during the resource creation process. ## Troubleshooting cache node configuration From bc02f2415283b28c987c4a1913355e894daa3d56 Mon Sep 17 00:00:00 2001 
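Review bot: In the changed sentence of mcc-ent-troubleshooting.md (PATCH 01/21), the link text spans the whole clause "check that you have the necessary permissions to create Azure resources under your subscription", and the sentence still doesn't say which role or permission resource creation needs. Suggest linking a short phrase such as "check your access" and naming the required role, or pointing to the prerequisites that list it, so a reader who opens the check-access page knows which assignment to look for.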
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 15:22:23 -0800 Subject: [PATCH 02/21] Moving mcc-ent monitoring images to do/images/ --- .../{ => do}/images/mcc-ent-cache-node-details.png | Bin .../{ => do}/images/mcc-ent-cache-node-summary.png | Bin .../{ => do}/images/mcc-ent-key-metric-charts.png | Bin windows/deployment/do/mcc-ent-monitoring.md | 6 +++--- 4 files changed, 3 insertions(+), 3 deletions(-) rename windows/deployment/{ => do}/images/mcc-ent-cache-node-details.png (100%) rename windows/deployment/{ => do}/images/mcc-ent-cache-node-summary.png (100%) rename windows/deployment/{ => do}/images/mcc-ent-key-metric-charts.png (100%) diff --git a/windows/deployment/images/mcc-ent-cache-node-details.png b/windows/deployment/do/images/mcc-ent-cache-node-details.png similarity index 100% rename from windows/deployment/images/mcc-ent-cache-node-details.png rename to windows/deployment/do/images/mcc-ent-cache-node-details.png diff --git a/windows/deployment/images/mcc-ent-cache-node-summary.png b/windows/deployment/do/images/mcc-ent-cache-node-summary.png similarity index 100% rename from windows/deployment/images/mcc-ent-cache-node-summary.png rename to windows/deployment/do/images/mcc-ent-cache-node-summary.png diff --git a/windows/deployment/images/mcc-ent-key-metric-charts.png b/windows/deployment/do/images/mcc-ent-key-metric-charts.png similarity index 100% rename from windows/deployment/images/mcc-ent-key-metric-charts.png rename to windows/deployment/do/images/mcc-ent-key-metric-charts.png diff --git a/windows/deployment/do/mcc-ent-monitoring.md b/windows/deployment/do/mcc-ent-monitoring.md index 98c00bdcf4..d7f73f9c80 100644 --- a/windows/deployment/do/mcc-ent-monitoring.md +++ b/windows/deployment/do/mcc-ent-monitoring.md 
@@ -30,7 +30,7 @@ Using the two monitoring sections, you can gather essential insights into the he Below are the metrics found in the **Cache Node Summary** dashboard, along with their descriptions. This dashboard only reflects data received from cache nodes in the last 24 hours. -![Screenshot of cache node summary in the Azure portal interface.](../images/mcc-ent-cache-node-summary.png) +![Screenshot of cache node summary in the Azure portal interface.](images/mcc-ent-cache-node-summary.png) | Metric | Description | | --- | --- | @@ -46,7 +46,7 @@ Below are the metrics found in the **Cache Node Summary** dashboard, along with The two predefined charts on the Overview page visually represent the egress and types of content served by your Connected Cache node. The filters that are displayed below the cache node summary dashboard only affect the data shown in the key metric charts. -![Screenshot of key metric charts in the Azure portal interface.](../images/mcc-ent-key-metric-charts.png) +![Screenshot of key metric charts in the Azure portal interface.](images/mcc-ent-key-metric-charts.png) #### Filters @@ -69,7 +69,7 @@ The content types displayed in the chart each have a distinct color and are sort The **Cache Nodes** section under the **Cache Node Management** tab displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. -![Screenshot of cache node details in the Azure portal interface.](../images/mcc-ent-cache-node-details.png) +![Screenshot of cache node details in the Azure portal interface.](images/mcc-ent-cache-node-details.png) | Metric | Description | | --- | --- | From cb95bc2f6ae599279c127c664570b7ee1914c5eb Mon Sep 17 00:00:00 2001 
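Review bot: The three renames in PATCH 02/21 move the PNGs from windows/deployment/images/ to windows/deployment/do/images/, but only mcc-ent-monitoring.md has its references updated here. Before merging, search the repo for the old paths (for example ../images/mcc-ent-cache-node-summary.png) so that no other article is left pointing at a file that no longer exists at that location.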
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 15:57:45 -0800 Subject: [PATCH 03/21] Adding security documentation for mcc-ent --- ...cc-ent-secure-content-delivery-diagram.png | Bin 0 -> 48925 bytes .../do/mcc-ent-secure-content-delivery.md | 91 ++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png create mode 100644 windows/deployment/do/mcc-ent-secure-content-delivery.md 
diff --git a/windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png b/windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..b71f6bf5262f521a94861186b2cfa80dc858d121 GIT binary patch literal 48925
zfv5onx>iaW1S_O|eiCT-`4-6R_dQtcdE}$*p1aqLJW91}$YY$_v%&s&MT+1*js1xD z<*nns_G#BzBmf)o?_OQ*4p!MHy<4>A$?s{douyBJ7i5c9yw6-&7(snZZJcg4;REff zUz+XrNEVFWa2djl1X&bz?nV0_n(TDf#rAIA34m#UQwoPrQF|+=c7F%>^bn*L!DHBy zyvD9TAQPeq&G|EF6o{`M-l(|r!^x_e>gS`<7Py&z3&2Os=ZS*38)-48V|m6X;E=gE zo`aeQOG&9wkX@Y!b-x#nbYth$bwK1I2m!JLQQuQb3rVZ)X!A<>ncbWxrZAgTQ?icB5Kwey zse+C=zD_)IKuHbp+2q0>-2Tli;>% zdH|Hdv%GUxz+qH52&0`FwN%{UvpVY&4XUM*p(mw;QhGRlf7e{;;Zi7?Cez{ki={wQ zr;6L0wV)v#oyaenkwiO(?-4C!3Y@cD9`-Pyg_z7_r9_|61R#|ld~3vXNfUQV!?=Wn zi!@>kB96s%1I+ye*t1A;20i0Gq8f+Av5bjU@0H2u_`|@XtfEHQ2aPEKx}&YtimOXg zf<`!)1zPzf_$qhS9%2vM2|0?j9#Nh@%jeo*8eE5-`t?3gc?Y$oGimfYM~7vVAm>qf3;Adnk4WfaVJc`O(>~G4Z)GN z)vZxWOpH?{eRhfUB?c(4hWo>BC=5>H0Oc^zUyWm=8*x{7S)!019Pfw)4mid?Zne@2 zWwI{95WE%Ab{Wu@Vf%keLE=~3k--8*t+s`8WR&P@C8wsS`4l*4zO4v0p$X zx5mvmAp3n_G&98rL>#lIh1yQYUfDKu5rSl>Vkv3~OL>L>5cpMS4AqgV$+c>0#_o9> zx{3dE9Jd+0Vt!kUqC&rg8i5IF+d8+z`KdLkfIEGaES~g9AkNLk`aU2&w zaDd4IA`Pqz^`YO5UB#etDXm}R+1(3^yWdd#qX@c=w*~)`fLixg1v#kpC2}Ew9SWDI z?*GFpr$C27rreE<74JpBVA_bcq@*_d&nxfaw&tswf=;KQiX9HcMNK+I{E}bmV$ErD+aJz-XkN9MzduFWV*2SIv&%XAQI>koII9_5rRz%0_RHTt=!yJvY z-NLwAcY7`h{@{=}&|#Tys7c@K?*8h@rLMv>El)S@ zvM|R0(4Sz%MbT;M|Gu6zPyE&a@$X4jKKy&#M*rQZzg^b&i`iOe>3qvIk83q|C5-%nBjjj t@xPh)pFZ)62L3k_|C@>bUuxTRJ37e`j~%WHnVWindows 11 +- ✅ Supported Linux distributions +- ✅ Microsoft Connected Cache for Enterprise +- ✅ Delivery Optimization +ms.date: 03/06/2025 +--- + +# Microsoft Connected Cache for Enterprise and Education Secure Content Delivery + +This article describes how Connected Cache nodes facilitate secure delivery of Microsoft content between Microsoft/CDN endpoints and Delivery Optimization clients. + +## How Connected Cache nodes facilitate secure content delivery + +Connected Cache nodes act as transparent content caches, meaning any device can request Microsoft content from a Connected Cache node without needing to provide authentication of identity. 
This allows for efficient discovery and connectivity between devices and Connected Cache nodes on the same network. + +Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and CDN endpoints, so there are no concerns about the cache storing personal or sensitive data. + +Regardless of download source, the Delivery Optimization client on each Windows device verifies the authenticity and integrity of content using its metadata hash, content hash, and signature before installing. This ensures that the Windows device is protected against man-in-the-middle attacks that may attempt to tamper with content while it's in transit. + +![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) + +As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There is work planned to support HTTPS communication between CDN endpoints and Delivery Optimization clients in the future. + +## Security considerations for Connected Cache nodes + +The security of each Connected Cache node is dependent on the security of the environment in which it's deployed. + +In order to securely function as designed, Connected Cache expects the user to have taken steps to secure the different layers of their organization’s network and devices. + +The following section is intended to provide a high-level overview of the security layers to be considered by the user, and additional resources for learning more. + +### 1. Azure resources + +The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the MCC Azure resources you have provisioned. 
Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. + +You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-network-security). + +### 2. Local network + +The second layer of security lies with your organization’s local network. It is recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. + +You can read more about [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). + +### 3. Cache node host machine OS + +The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md) of your choice. + +Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. + +If you are hosting on Windows, your host machine will use Windows Subsystem for Linux (WSL) to run the Connected Cache container. 
You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). + +### 4. Organization-managed Windows devices + +The fourth and final layer of security lies with the organization-managed Windows devices that will be requesting Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. + +## Frequently asked questions + +Below are some common questions you may have about the security of Microsoft Connected Cache for Enterprise and Education. + +### How often is the Connected Cache container updated? + +There are three scheduled MCC container updates per year. These updates included minor security patches, feature updates, and bug fixes. + +In the event of a new Common Vulnerability and Exposure (CVE) being identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. + +You can read more information about Connected Cache container updates in the [Connected Cache updating documentation](mcc-ent-update-cache-node.md). + +### What security improvements are included in the latest Connected Cache container update? + +You can find a list of security improvements and other fixes in the [Connected Cache release notes](mcc-ent-release-notes.md). + +## Related content + +- [Understand Windows Update security](/windows/deployment/update/windows-update-security) +- [Understand the Delivery Optimization secure workflow](delivery-optimization-workflow.md) +- [Understand delivery of Win32 apps via Intune](/troubleshoot/mem/intune/app-management/develop-deliver-working-win32-app-via-intune#the-flow-behind-delivery-of-a-win32-app-to-the-client) +- [Microsoft Win32 Content Prep Tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) From f09ed9a8aab8fa3f31f877032eff139e6b4b239f Mon Sep 17 00:00:00 2001 
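Review bot: In the new file's "### 1. Azure resources" section, the link labelled "Microsoft cloud security benchmark (MCSB) documentation for Identity management" targets `/security/benchmark/azure/mcsb-network-security`, the same target as the Network security link under "### 2. Local network", so a reader following the RBAC guidance lands on the wrong control family. Point it at the benchmark's Identity management page instead. Separately, in the FAQ, "These updates included minor security patches" should read "include", since the sentence describes the ongoing update schedule.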
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:03:04 -0800 Subject: [PATCH 04/21] Acrolinx updates to security doc --- .../do/mcc-ent-secure-content-delivery.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index cd9b6c1d64..2c80cc2c7a 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -27,13 +27,13 @@ This article describes how Connected Cache nodes facilitate secure delivery of M Connected Cache nodes act as transparent content caches, meaning any device can request Microsoft content from a Connected Cache node without needing to provide authentication of identity. This allows for efficient discovery and connectivity between devices and Connected Cache nodes on the same network. -Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and CDN endpoints, so there are no concerns about the cache storing personal or sensitive data. +Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and Content Delivery Network (CDN) endpoints, so there are no concerns about the cache storing personal or sensitive data. -Regardless of download source, the Delivery Optimization client on each Windows device verifies the authenticity and integrity of content using its metadata hash, content hash, and signature before installing. This ensures that the Windows device is protected against man-in-the-middle attacks that may attempt to tamper with content while it's in transit. +Regardless of download source, the Delivery Optimization client on each Windows device verifies the authenticity and integrity of content using its metadata hash, content hash, and signature before installing. This ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. ![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) -As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There is work planned to support HTTPS communication between CDN endpoints and Delivery Optimization clients in the future. 
+As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There's work planned to support HTTPS communication between CDN endpoints and Delivery Optimization clients in the future. ## Security considerations for Connected Cache nodes 
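Review bot: The reworded HTTPS sentence in the @@ -27,13 hunk still leaves out the cache node. The sentence before it says Connected Cache nodes use HTTP to talk to both CDN endpoints and Delivery Optimization clients, but the planned HTTPS support is described as "between CDN endpoints and Delivery Optimization clients". Since this page is the security reference for the feature, state which hops are planned to move to HTTPS (CDN to cache node, cache node to client, or both), and consider saying that until then tamper protection rests on the client-side hash and signature verification described two paragraphs earlier, because plain HTTP gives no transport confidentiality.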
@@ -45,13 +45,13 @@ The following section is intended to provide a high-level overview of the securi ### 1. Azure resources -The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the MCC Azure resources you have provisioned. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. +The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you have provisioned. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-network-security). ### 2. Local network -The second layer of security lies with your organization’s local network. It is recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. +The second layer of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. 
You can read more about [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). @@ -61,7 +61,7 @@ The third layer of security lies with the Operating System (OS) of your Connecte Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. -If you are hosting on Windows, your host machine will use Windows Subsystem for Linux (WSL) to run the Connected Cache container. You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). +If you're hosting on Windows, your host machine will use Windows Subsystem for Linux (WSL) to run the Connected Cache container. You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). ### 4. Organization-managed Windows devices 
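Review bot: In the @@ -45,13 hunk the first changed sentence now says "Connected Cache Azure resources", but the sentence that follows in the same added paragraph still says "MCC Azure resources and cache nodes", and "MCC" is never expanded in the visible text. Use one name throughout the paragraph, or introduce the abbreviation at first use, so readers don't take them for two different resource types when scoping RBAC.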
@@ -75,7 +75,7 @@ Below are some common questions you may have about the security of Microsoft Con There are three scheduled MCC container updates per year. These updates included minor security patches, feature updates, and bug fixes. -In the event of a new Common Vulnerability and Exposure (CVE) being identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. +If a new Common Vulnerability and Exposure (CVE) is identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. You can read more information about Connected Cache container updates in the [Connected Cache updating documentation](mcc-ent-update-cache-node.md). From 530030eac4db18e9bbe20c39d5b85f1c539baf02 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:16:12 -0800 Subject: [PATCH 05/21] Added endpoint whitelisting callout to security doc --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 2c80cc2c7a..0a440ec28c 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -53,6 +53,8 @@ You can read more about [Azure identity management and access control security b The second layer of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. +If your organization's network utilizes a firewall, you should ensure that it's configured to allow communication between your Connected Cache nodes and the [Microsoft and CDN endpoints](delivery-optimization-endpoints.md) used to install Connected Cache and download Microsoft content. + You can read more about [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). ### 3. Cache node host machine OS From 21893e3e077be8f1e1535343ae686c1a133e719b Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:24:27 -0800 Subject: [PATCH 06/21] Fix links in mcc-ent-secure-content-delivery.md --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 0a440ec28c..9331294431 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -47,7 +47,7 @@ The following section is intended to provide a high-level overview of the securi The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you have provisioned. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. -You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-network-security). +You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-identity-management). ### 2. Local network 
@@ -59,7 +59,7 @@ You can read more about [Azure best practices for network security](/azure/secur ### 3. Cache node host machine OS -The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md) of your choice. +The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md/#cache-node-host-machine-requirements) of your choice. Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. @@ -79,7 +79,7 @@ There are three scheduled MCC container updates per year. These updates included If a new Common Vulnerability and Exposure (CVE) is identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. -You can read more information about Connected Cache container updates in the [Connected Cache updating documentation](mcc-ent-update-cache-node.md). +You can read more information about Connected Cache container updates in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). ### What security improvements are included in the latest Connected Cache container update? From 0af0b57bcd55241da67269521aee533cc9f66282 Mon Sep 17 00:00:00 2001 
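Review bot: In the @@ -59,7 hunk the new link target `mcc-ent-prerequisites.md/#cache-node-host-machine-requirements` has a slash between the file name and the fragment. A relative Markdown link takes the fragment directly after the file name, so this should be `mcc-ent-prerequisites.md#cache-node-host-machine-requirements`; as written, the path treats `mcc-ent-prerequisites.md` as a directory and the link is likely to break at build time.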
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:30:07 -0800 Subject: [PATCH 07/21] Fix link in security doc --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 9331294431..be612e4bbd 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md @@ -59,7 +59,7 @@ You can read more about [Azure best practices for network security](/azure/secur ### 3. Cache node host machine OS -The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md/#cache-node-host-machine-requirements) of your choice. +The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. From 9a941b552e2c8c4a622fb2bfb4f006a05398959d Mon Sep 17 00:00:00 2001 
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Fri, 14 Mar 2025 13:41:35 -0700 Subject: [PATCH 08/21] Revisions to MCCE security doc --- .../do/mcc-ent-secure-content-delivery.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index be612e4bbd..d76082334f 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md @@ -29,7 +29,7 @@ Connected Cache nodes act as transparent content caches, meaning any device can Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and Content Delivery Network (CDN) endpoints, so there are no concerns about the cache storing personal or sensitive data. -Regardless of download source, the Delivery Optimization client on each Windows device verifies the authenticity and integrity of content using its metadata hash, content hash, and signature before installing. This ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. +Connected Cache works in tandem with the [Delivery Optimization (DO) client](waas-delivery-optimization.md), a component of Windows Update that manages the downloading of Microsoft content. Regardless of download source, the DO client on each Windows device verifies the authenticity and integrity of downloaded content using its metadata hash, content hash, and signature before installing. This process ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. ![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) 
@@ -37,47 +37,47 @@ As you can see in this diagram, Connected Cache nodes currently utilize HTTP to ## Security considerations for Connected Cache nodes -The security of each Connected Cache node is dependent on the security of the environment in which it's deployed. +The security of each Connected Cache node is dependent on the security of its environment. -In order to securely function as designed, Connected Cache expects the user to have taken steps to secure the different layers of their organization’s network and devices. +In order to securely function as designed, Connected Cache expects the user to take steps to secure the different layers of their organization’s network and devices. -The following section is intended to provide a high-level overview of the security layers to be considered by the user, and additional resources for learning more. +The following section is intended to provide a high-level overview of some of the security layers the user should consider and resources for learning more. -### 1. Azure resources +### Azure resources -The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you have provisioned. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. +One layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you provision. 
Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. -You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-identity-management). +You can learn more about the principles of Azure resource security by referring to the [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-identity-management). -### 2. Local network +### Local network -The second layer of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. +Another layer of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. -If your organization's network utilizes a firewall, you should ensure that it's configured to allow communication between your Connected Cache nodes and the [Microsoft and CDN endpoints](delivery-optimization-endpoints.md) used to install Connected Cache and download Microsoft content. +One best practice is to utilize a firewall on your organization's network. 
When using a network firewall, you should configure it to allow communication between your Connected Cache nodes and the [Microsoft and CDN endpoints](delivery-optimization-endpoints.md) used to install Connected Cache and download Microsoft content. -You can read more about [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). +You can learn more about the principles of network security by referring to the [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). -### 3. Cache node host machine OS +### Cache node host machine OS -The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. +Another layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. Your organization can choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. -Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. 
+Regardless of which host OS you choose to use, you should ensure that you perform regular OS updates to keep it up to date. -If you're hosting on Windows, your host machine will use Windows Subsystem for Linux (WSL) to run the Connected Cache container. You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). +If you're hosting on Windows, your host machine uses Windows Subsystem for Linux (WSL) to run the Connected Cache container. You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). -### 4. Organization-managed Windows devices +### Organization-managed Windows devices -The fourth and final layer of security lies with the organization-managed Windows devices that will be requesting Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. +Another layer of security lies with the organization-managed Windows devices that request Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. ## Frequently asked questions -Below are some common questions you may have about the security of Microsoft Connected Cache for Enterprise and Education. +Here are some common questions you might have about the security of Microsoft Connected Cache for Enterprise and Education. ### How often is the Connected Cache container updated? There are three scheduled MCC container updates per year. These updates included minor security patches, feature updates, and bug fixes. -If a new Common Vulnerability and Exposure (CVE) is identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. 
+In addition to scheduled MCC container updates, Microsoft publishes critical container security patches when a new Common Vulnerability and Exposure (CVE) being identified. You can read more information about Connected Cache container updates in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). From a99fe04f64eec80e1a4e2504f6e1755323892a69 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Fri, 14 Mar 2025 13:43:31 -0700 Subject: [PATCH 09/21] Update DO workflow url --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index d76082334f..9f00f5a282 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md @@ -88,6 +88,6 @@ You can find a list of security improvements and other fixes in the [Connected C ## Related content - [Understand Windows Update security](/windows/deployment/update/windows-update-security) -- [Understand the Delivery Optimization secure workflow](delivery-optimization-workflow.md) +- [Understand the Delivery Optimization secure workflow](delivery-optimization-workflow.md#download-request-workflow) - [Understand delivery of Win32 apps via Intune](/troubleshoot/mem/intune/app-management/develop-deliver-working-win32-app-via-intune#the-flow-behind-delivery-of-a-win32-app-to-the-client) - [Microsoft Win32 Content Prep Tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) From 60a0e63c300d76bac2d699a7f48c937a1bd057f1 Mon Sep 17 00:00:00 2001 
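Review bot: The @@ -37,47 +37,47 @@ hunk of "Revisions to MCCE security doc" drops the host hardening guidance from "Cache node host machine OS": the removed line asked that the host meet the Microsoft cloud security benchmark baselines for Windows, Linux, and Docker, and the replacement only asks for regular OS updates. If the baseline links were removed on purpose, the commit message should say why; otherwise keep them, since patching alone doesn't cover host configuration. In the same hunk, the new FAQ sentence "when a new Common Vulnerability and Exposure (CVE) being identified" is ungrammatical (it should read "is identified"), and it no longer mentions the SLA that the removed sentence referred to.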
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 17 Mar 2025 13:57:30 -0700 Subject: [PATCH 10/21] Change 'layer' to 'aspect' in mcc security doc --- .../deployment/do/mcc-ent-secure-content-delivery.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 9f00f5a282..68af403958 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -39,19 +39,19 @@ As you can see in this diagram, Connected Cache nodes currently utilize HTTP to The security of each Connected Cache node is dependent on the security of its environment. -In order to securely function as designed, Connected Cache expects the user to take steps to secure the different layers of their organization’s network and devices. +In order to securely function as designed, Connected Cache expects the user to take steps to secure the different components of their organization’s network and devices. -The following section is intended to provide a high-level overview of some of the security layers the user should consider and resources for learning more. +The following section is intended to provide a high-level overview of some of the security aspects the user should consider and resources for learning more. ### Azure resources -One layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you provision. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. +One aspect of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you provision. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. 
You can learn more about the principles of Azure resource security by referring to the [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-identity-management). ### Local network -Another layer of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. +Another aspect of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. One best practice is to utilize a firewall on your organization's network. When using a network firewall, you should configure it to allow communication between your Connected Cache nodes and the [Microsoft and CDN endpoints](delivery-optimization-endpoints.md) used to install Connected Cache and download Microsoft content. 
@@ -59,7 +59,7 @@ You can learn more about the principles of network security by referring to the ### Cache node host machine OS -Another layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. Your organization can choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. +Another aspect of security lies with the Operating System (OS) of your Connected Cache node’s host machine. Your organization can choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. Regardless of which host OS you choose to use, you should ensure that you perform regular OS updates to keep it up to date. @@ -67,7 +67,7 @@ If you're hosting on Windows, your host machine uses Windows Subsystem for Linux ### Organization-managed Windows devices -Another layer of security lies with the organization-managed Windows devices that request Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. +Another aspect of security lies with the organization-managed Windows devices that request Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. ## Frequently asked questions From 91d9a269a56cf3b7ea85b7b11ad09974edc61bfc Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 17 Mar 2025 14:08:16 -0700 Subject: [PATCH 11/21] Edits to container update in MCC sec doc --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 68af403958..c8bfe76bfc 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md @@ -75,11 +75,9 @@ Here are some common questions you might have about the security of Microsoft Co ### How often is the Connected Cache container updated? -There are three scheduled MCC container updates per year. These updates included minor security patches, feature updates, and bug fixes. +There may be several MCC container updates per year. These updates may contain new features, bug fixes, and security patches. When a new Common Vulnerability and Exposure (CVE) is identified, Microsoft may release a new container update to address the vulnerability. -In addition to scheduled MCC container updates, Microsoft publishes critical container security patches when a new Common Vulnerability and Exposure (CVE) being identified. - -You can read more information about Connected Cache container updates in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). +You can read more information about Connected Cache container updates and how to schedule their application in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). ### What security improvements are included in the latest Connected Cache container update? From 7496cc1b2ad967e9024eddad69f3f1687eaad38c Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 17 Mar 2025 14:16:38 -0700 Subject: [PATCH 12/21] Adding compliance note to MCC create azure resource page --- windows/deployment/do/mcc-ent-create-resource-and-cache.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md index 9340c11d38..bf9743e78e 100644 
--- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md +++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md @@ -28,6 +28,9 @@ For more information on sizing and OS requirements, see [the prerequisites for u ## Create Connected Cache Azure resource +>[!Note] + >* You cannot move your Connected Cache Azure resource to a different subscription after creation. + # [Azure portal](#tab/portal) 1. In the [Azure portal](https://portal.azure.com), select **Create a Resource** and search for `Microsoft Connected Cache for Enterprise and Education`. From 41c6e5fb10251d98c462e2300298256291b3a294 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 17 Mar 2025 14:26:01 -0700 Subject: [PATCH 13/21] Tweaks to resource move compliance note in mcc docs --- windows/deployment/do/mcc-ent-create-resource-and-cache.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md index bf9743e78e..2385b1a3fd 100644 --- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md +++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md @@ -29,7 +29,7 @@ For more information on sizing and OS requirements, see [the prerequisites for u ## Create Connected Cache Azure resource >[!Note] - >* You cannot move your Connected Cache Azure resource to a different subscription after creation. + >* Resource move is not currently supported for Connected Cache Azure resources. If you need to move your Connected Cache Azure resource, you can consider deleting the existing resource and create another one in another location. # [Azure portal](#tab/portal) From 124870d56e1ca31a5f05dc6389b3732101f1b5b7 Mon Sep 17 00:00:00 2001 
From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Mon, 17 Mar 2025 14:30:46 -0700 Subject: [PATCH 14/21] Grammar tweaks to mcc security and mcc create resource docs --- windows/deployment/do/mcc-ent-create-resource-and-cache.md | 2 +- windows/deployment/do/mcc-ent-secure-content-delivery.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md index 2385b1a3fd..754add9f0c 100644 --- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md +++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md @@ -29,7 +29,7 @@ For more information on sizing and OS requirements, see [the prerequisites for u ## Create Connected Cache Azure resource >[!Note] - >* Resource move is not currently supported for Connected Cache Azure resources. If you need to move your Connected Cache Azure resource, you can consider deleting the existing resource and create another one in another location. + >* Resource move is not currently supported for Connected Cache Azure resources. If you need to move your Connected Cache Azure resource, you can consider deleting the existing resource and creating another one in another location. # [Azure portal](#tab/portal) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index c8bfe76bfc..e99430a6ac 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -77,7 +77,7 @@ Here are some common questions you might have about the security of Microsoft Co There may be several MCC container updates per year. These updates may contain new features, bug fixes, and security patches. When a new Common Vulnerability and Exposure (CVE) is identified, Microsoft may release a new container update to address the vulnerability. -You can read more information about Connected Cache container updates and how to schedule their application in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). +You can read more information about Connected Cache container updates and how to schedule their installation in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). ### What security improvements are included in the latest Connected Cache container update? From 61df97afb72bc4fc42130fd19e1d060d55eb4288 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:41:50 -0700 Subject: [PATCH 15/21] tweaks to DO language in mcc sec doc --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index e99430a6ac..7d2bc7057b 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -29,11 +29,11 @@ Connected Cache nodes act as transparent content caches, meaning any device can Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and Content Delivery Network (CDN) endpoints, so there are no concerns about the cache storing personal or sensitive data. -Connected Cache works in tandem with the [Delivery Optimization (DO) client](waas-delivery-optimization.md), a component of Windows Update that manages the downloading of Microsoft content. Regardless of download source, the DO client on each Windows device verifies the authenticity and integrity of downloaded content using its metadata hash, content hash, and signature before installing. This process ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. +Connected Cache works in tandem with the [Delivery Optimization (DO) client](waas-delivery-optimization.md), a component of Windows that manages the downloading of Microsoft content. Regardless of download source, the DO client on each Windows device verifies the authenticity and integrity of downloaded content using its metadata hash and content hash. In addition, the downloaded content's signature is verified before it is installed. This process ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. ![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) -As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There's work planned to support HTTPS communication between CDN endpoints and Delivery Optimization clients in the future. +As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. 
There's work planned to support HTTPS communication between CDN endpoints, Connected Cache nodes, and Delivery Optimization clients in the future for content that utilizes HTTPS. ## Security considerations for Connected Cache nodes From c7fa01f458a60c9cd0c82e5bc02773f89cde1023 Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:43:47 -0700 Subject: [PATCH 16/21] Acrolinx tweak to MCC sec doc --- windows/deployment/do/mcc-ent-secure-content-delivery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 7d2bc7057b..1a673b6f1e 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md 
@@ -29,7 +29,7 @@ Connected Cache nodes act as transparent content caches, meaning any device can Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and Content Delivery Network (CDN) endpoints, so there are no concerns about the cache storing personal or sensitive data. -Connected Cache works in tandem with the [Delivery Optimization (DO) client](waas-delivery-optimization.md), a component of Windows that manages the downloading of Microsoft content. Regardless of download source, the DO client on each Windows device verifies the authenticity and integrity of downloaded content using its metadata hash and content hash. In addition, the downloaded content's signature is verified before it is installed. This process ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. +Connected Cache works in tandem with the [Delivery Optimization (DO) client](waas-delivery-optimization.md), a component of Windows that manages the downloading of Microsoft content. Regardless of download source, the DO client on each Windows device verifies the authenticity and integrity of downloaded content using its metadata hash and content hash. In addition, the downloaded content's signature is verified before it's installed. This process ensures that the Windows device is protected against man-in-the-middle attacks that attempt to tamper with content while it's in transit. ![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) From f28afea3c518d3709867ef325e02508fce860d5d Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:49:30 -0700 Subject: [PATCH 17/21] Adding MCC sec doc to toc.yml --- windows/deployment/do/TOC.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index b9d7757f89..be99c13e09 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -61,8 +61,10 @@ href: mcc-ent-uninstall-cache-node.md - name: Resources items: - - name: Frequent Asked Questions + - name: Frequently Asked Questions href: mcc-ent-faq.yml + - name: Connected Cache secure content delivery + href: mcc-ent-secure-content-delivery.md - name: Troubleshooting href: mcc-ent-troubleshooting.md - name: Microsoft Connected Cache for Enterprise and Education early preview From c890df33c38fe91205e850ca2d766e7de8d2f232 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 19 Mar 2025 08:49:10 -0700 Subject: [PATCH 18/21] tweaks to mcc-ent-create-resource-and-cache.md --- .../do/mcc-ent-create-resource-and-cache.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md index 754add9f0c..41d12b7c97 100644 --- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md +++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md @@ -11,7 +11,7 @@ appliesto: - ✅ Windows 11 - ✅ Supported Linux distributions - ✅ Microsoft Connected Cache for Enterprise -ms.date: 10/30/2024 +ms.date: 03/19/2025 --- # Create Microsoft Connected Cache Azure resource and cache nodes 
@@ -20,7 +20,7 @@ This article outlines how to create and configure your Microsoft Connected Cache ## Prerequisites -1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a free-of-charge service hosted in Azure. You'll need a pay-as-you-go Azure subscription in order to onboard to our service. To create a subscription, go to [pay-as-you-go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). +1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a free-of-charge service hosted in Azure. You need a pay-as-you-go Azure subscription in order to onboard to our service. To create a subscription, go to [pay-as-you-go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). 2. **Hardware to host Connected Cache**: The recommended configuration serves approximately 35,000 managed devices, downloading a 2-GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps. For more information on sizing and OS requirements, see [the prerequisites for using Connected Cache](mcc-ent-prerequisites.md). @@ -28,8 +28,8 @@ For more information on sizing and OS requirements, see [the prerequisites for u ## Create Connected Cache Azure resource ->[!Note] - >* Resource move is not currently supported for Connected Cache Azure resources. If you need to move your Connected Cache Azure resource, you can consider deleting the existing resource and creating another one in another location. +> [!Note] +> Resource move isn't currently supported for Connected Cache Azure resources. If you need to move your Connected Cache Azure resource, you can consider deleting the existing resource and creating another one in a different location. # [Azure portal](#tab/portal) 
@@ -59,7 +59,7 @@ For more information on sizing and OS requirements, see [the prerequisites for u * Run [az version](/cli/azure/reference-index#az-version) to find the version and dependent libraries that are installed. To upgrade to the latest version, run [az upgrade](/cli/azure/reference-index#az-upgrade). - * Install Azure CLI extension **mcc** by following the instructions [here](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions). + * Install Azure CLI extension `mcc` by following the instructions [here](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions). * Resource group under which a Connected Cache resource can be created. Use the [az group create](/cli/azure/group#az-group-create) command to create a new Resource group if you don't already have one. @@ -83,7 +83,7 @@ az mcc ent resource create --mcc-resource-name --resource-group 1. Open Azure portal and navigate to the Microsoft Connected Cache for Enterprise resource that you created.
1. Under Cache Node Management, select **Cache Nodes** then **Create Cache Node**.
- 1. Provide a name for your cache node and select the host OS you plan to deploy the cache node on, then select **Create**. Note, cache node names have to be unique under the Microsoft Connected Cache resource. + 1. Provide a name for your cache node and select the host OS you plan to deploy the cache node on, then select **Create**. Note that cache node names have to be unique under the Microsoft Connected Cache resource. @@ -114,7 +114,7 @@ az mcc ent node create --cache-node-name --mcc-resource-name ```azurecli-interactive >az mcc ent node show --cache-node-name --mcc-resource-name --resource-group >``` ->In the output look for **cacheNodeState**. If ***cacheNodeState = Not Configured***, you can continue with cache node configuration. +>In the output, look for **cacheNodeState**. If ***cacheNodeState = Not Configured***, you can continue with cache node configuration. >If ***cacheNodeState = Registration in Progress***, then the cache node is still in process of being created. Wait a couple of minutes and run the command again. >To know more about different cache node state, see [Cache node states](#cache-node-states). @@ -141,7 +141,7 @@ Replace the following placeholders with your own information: * *\*: The size of cache drive. Must be at least 50 Gb. * *\*: If proxy needs to be enabled or not.
Accepted values: `enabled`, `disabled`
- Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine. + Proxy should be set to enabled if the cache node needs to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine. * *\*: The proxy host name or ip address. Required if proxy is set to enabled. * *\*: Proxy port number. Required if proxy is set to enabled. * *\*: Update ring the cache node should have.
@@ -174,7 +174,7 @@ Replace the following placeholders with your own information: * *\*: The size of cache drive. Must be at least 50 Gb. * *\*: If proxy needs to be enabled or not.
Accepted values: `enabled`, `disabled`
- Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine. + Proxy should be set to enabled if the cache node needs to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine. * *\*: The proxy host name or ip address. Required if proxy is set to enabled. * *\*: Proxy port number. Required if proxy is set to enabled. * *\*: Update ring the cache node should have.
@@ -218,7 +218,7 @@ To deploy cache nodes using Azure CLI, see | Field Name |Expected Value |Description| |---|---|---| -|**Cache node name** | Alphanumeric string that contains no spaces| The name of the cache node. You may choose names based on location such as "Seattle-1". This name must be unique and can't be changed later | +|**Cache node name** | Alphanumeric string that contains no spaces| The name of the cache node. You can choose names based on location such as "Seattle-1". This name must be unique and can't be changed later. | |**Host OS** | Linux or Windows| This is the operating system of the host machine that the cache node will be deployed to.| ### Storage fields @@ -243,12 +243,12 @@ To deploy cache nodes using Azure CLI, see #### Proxy settings
-You can choose to enable or disable proxy settings on your cache node. Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache node to your host machine. +You can choose to enable or disable proxy settings on your cache node. Proxy should be set to enabled if the cache node needs to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache node to your host machine.
>[!IMPORTANT] ->Enabling or disabling the proxy settings after your cache node has been deployed will require running the provisioning script on the host machine again. This will ensure that proxy changes are in effect on the cache node. +>Enabling or disabling the proxy settings after your cache node has been deployed will require running the provisioning script on the host machine again. This ensures that proxy changes are in effect on the cache node. | Field Name |Expected Value |Description| |---|---|---| From f74bbd77a4b134825eaf1280ab05047b06b389fa Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 19 Mar 2025 08:53:46 -0700 Subject: [PATCH 19/21] tweaks to mcc-ent-monitoring.md --- windows/deployment/do/mcc-ent-monitoring.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-monitoring.md b/windows/deployment/do/mcc-ent-monitoring.md index d7f73f9c80..e3c5243788 100644 --- a/windows/deployment/do/mcc-ent-monitoring.md +++ b/windows/deployment/do/mcc-ent-monitoring.md @@ -11,7 +11,7 @@ appliesto: - ✅ Windows 11 - ✅ Supported Linux distributions - ✅ Microsoft Connected Cache for Enterprise -ms.date: 10/30/2024 +ms.date: 03/19/2025 --- # Monitor cache node usage @@ -67,7 +67,7 @@ The content types displayed in the chart each have a distinct color and are sort ### Cache node details -The **Cache Nodes** section under the **Cache Node Management** tab displays cache node information such as Status, Host machine OS, Software Version, and Cache Node ID. +The **Cache Nodes** section under the **Cache Node Management** tab displays cache node information such as status, host machine OS, software version, and cache node ID. ![Screenshot of cache node details in the Azure portal interface.](images/mcc-ent-cache-node-details.png) From 409917899ed0f5f90dfdd4c4dd1dd2be3f44e789 Mon Sep 17 00:00:00 2001 
From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 19 Mar 2025 09:47:42 -0700 Subject: [PATCH 20/21] tweaks to mcc-ent-secure-content-delivery.md --- .../do/mcc-ent-secure-content-delivery.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/do/mcc-ent-secure-content-delivery.md b/windows/deployment/do/mcc-ent-secure-content-delivery.md index 1a673b6f1e..e7ad9bf886 100644 --- a/windows/deployment/do/mcc-ent-secure-content-delivery.md +++ b/windows/deployment/do/mcc-ent-secure-content-delivery.md @@ -16,7 +16,7 @@ appliesto: - ✅ Supported Linux distributions - ✅ Microsoft Connected Cache for Enterprise - ✅ Delivery Optimization -ms.date: 03/06/2025 +ms.date: 03/19/2025 --- # Microsoft Connected Cache for Enterprise and Education Secure Content Delivery 
@@ -33,25 +33,25 @@ Connected Cache works in tandem with the [Delivery Optimization (DO) client](waa ![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) -As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There's work planned to support HTTPS communication between CDN endpoints, Connected Cache nodes, and Delivery Optimization clients in the future for content that utilizes HTTPS. +As shown in the diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There's work planned to support HTTPS communication between CDN endpoints, Connected Cache nodes, and Delivery Optimization clients in the future for content that utilizes HTTPS. ## Security considerations for Connected Cache nodes The security of each Connected Cache node is dependent on the security of its environment. -In order to securely function as designed, Connected Cache expects the user to take steps to secure the different components of their organization’s network and devices. +In order to securely function as designed, Connected Cache expects the user to take steps to secure the different components of their organization's network and devices. The following section is intended to provide a high-level overview of some of the security aspects the user should consider and resources for learning more. ### Azure resources -One aspect of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Connected Cache Azure resources you provision. 
Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. +One aspect of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization's Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the Azure resources for Connected Cache that you provision. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization's Connected Cache Azure resources and cache nodes. You can learn more about the principles of Azure resource security by referring to the [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-identity-management). ### Local network -Another aspect of security lies with your organization’s local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. +Another aspect of security lies with your organization's local network. It's recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. One best practice is to utilize a firewall on your organization's network. When using a network firewall, you should configure it to allow communication between your Connected Cache nodes and the [Microsoft and CDN endpoints](delivery-optimization-endpoints.md) used to install Connected Cache and download Microsoft content. 
@@ -59,7 +59,7 @@ You can learn more about the principles of network security by referring to the ### Cache node host machine OS -Another aspect of security lies with the Operating System (OS) of your Connected Cache node’s host machine. Your organization can choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. +Another aspect of security lies with the operating system (OS) of your Connected Cache node's host machine. Your organization can choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md#cache-node-host-machine-requirements) of your choice. Regardless of which host OS you choose to use, you should ensure that you perform regular OS updates to keep it up to date. @@ -67,7 +67,7 @@ If you're hosting on Windows, your host machine uses Windows Subsystem for Linux ### Organization-managed Windows devices -Another aspect of security lies with the organization-managed Windows devices that request Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. +Another aspect of security lies with the organization-managed Windows devices that request Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the Connected Cache node should be secured according to your organization's security policy. ## Frequently asked questions 
@@ -75,9 +75,9 @@ Here are some common questions you might have about the security of Microsoft Co ### How often is the Connected Cache container updated? -There may be several MCC container updates per year. These updates may contain new features, bug fixes, and security patches. When a new Common Vulnerability and Exposure (CVE) is identified, Microsoft may release a new container update to address the vulnerability. +There might be several Connected Cache container updates per year. These updates may contain new features, bug fixes, and security patches. When a new Common Vulnerability and Exposure (CVE) is identified, Microsoft may release a new container update to address the vulnerability. -You can read more information about Connected Cache container updates and how to schedule their installation in the [Connected Cache container update documentation](mcc-ent-update-cache-node.md). +For more information about Connected Cache container updates and how to schedule their installation, see [Update Microsoft Connected Cache for Enterprise and Education](mcc-ent-update-cache-node.md). ### What security improvements are included in the latest Connected Cache container update? From 22559e116d0776c1431946f87ceb1a609bd6b71c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 19 Mar 2025 14:04:17 -0700 Subject: [PATCH 21/21] Update windows/deployment/do/mcc-ent-create-resource-and-cache.md --- windows/deployment/do/mcc-ent-create-resource-and-cache.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md index 41d12b7c97..32c081431c 100644 --- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md +++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md 
@@ -59,7 +59,7 @@ For more information on sizing and OS requirements, see [the prerequisites for u * Run [az version](/cli/azure/reference-index#az-version) to find the version and dependent libraries that are installed. To upgrade to the latest version, run [az upgrade](/cli/azure/reference-index#az-upgrade). - * Install Azure CLI extension `mcc` by following the instructions [here](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions). + * Install Azure CLI extension `mcc` by following the instructions [here](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions). * Resource group under which a Connected Cache resource can be created. Use the [az group create](/cli/azure/group#az-group-create) command to create a new Resource group if you don't already have one.
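Review bot: In the `@@ -33,25 +33,25 @@` hunk, the reworded sentence still tells readers that cache nodes use HTTP to reach CDN endpoints and Delivery Optimization clients, but nothing in the section says what protects content integrity on that path. Since this is the security overview, add a sentence or a link stating how downloaded content is validated while HTTPS support is only planned. In the same hunk, the Azure resources paragraph asks for least-privilege RBAC without giving a way to verify it; patch 01 of this series links `/azure/role-based-access-control/check-access` from the troubleshooting page, and the same link would fit here.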
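Review bot: In the `@@ -75,9 +75,9 @@` hunk, only the first sentence of the FAQ answer was changed from "may" to "might"; the next two sentences on the same added line still read "These updates may contain" and "Microsoft may release". Change all three or none so the answer reads consistently. The last sentence is also the one a security reader cares about most: "may release a new container update" gives no expectation of timing or notification for CVE fixes, so consider pointing to where such updates are announced, if such a place exists.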
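Review bot: In the final hunk (patch 21/21, `mcc-ent-create-resource-and-cache.md`), the removed and added lines read identically, so the change appears to be whitespace or indentation only, and the commit subject "Update windows/deployment/do/mcc-ent-create-resource-and-cache.md" does not say so. State the intent in the commit message (for example, fixing list nesting under the Azure CLI bullet). While the line is being touched, replace the link text `here` with a descriptive title, as was done for the update documentation link in the `@@ -75,9 +75,9 @@` hunk.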