Merge pull request #7975 from vinaypamnani-msft/vp-quickassist

Refresh quick assist article
2025-05-14 14:27:22 +00:00 · 2023-03-13 10:20:00 -05:00 · 2023-03-13 10:20:00 -05:00 · fe3889cde3
commit fe3889cde3
parent 0848e2f89c 947b5a81af
3 changed files with 136 additions and 112 deletions
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@ -1,94 +1,124 @@
 ---
-title: Connect to remote Azure Active Directory-joined PC (Windows)
+title: Connect to remote Azure Active Directory joined device (Windows)
-description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
+description: Learn how to use Remote Desktop Connection to connect to an Azure AD joined device.
 ms.prod: windows-client
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.author: vinpa
 ms.date: 01/18/2022
 ms.reviewer:
 manager: aaroncz
 ms.topic: article
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 and later</a>
 ms.collection:
  - highpri
  - tier2
 ms.technology: itpro-manage
 ---
-# Connect to remote Azure Active Directory-joined PC
+# Connect to remote Azure Active Directory joined device
 From its release, Windows has supported remote connections to devices joined to Active Directory using Remote Desktop Protocol (RDP). Windows 10, version 1607, added the ability to connect to a device that is joined to Azure Active Directory (Azure AD) using RDP.
-**Applies to**
+- Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 - Starting in Windows 10/11, with 2022-09 preview update installed, you can [use Azure AD authentication to connect to the remote Azure AD device](#connect-with-azure-ad-authentication).
- Windows 10
+## Prerequisites
 - Windows 11
 - Both devices (local and remote) must be running a supported version of Windows.
 - Remote device must have the **Connect to and use this PC from another device using the Remote Desktop app** option selected under **Settings** > **System** > **Remote Desktop**.
  - It's recommended to select **Require devices to use Network Level Authentication to connect** option.
 - If the user who joined the device to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the device remotely, you must [add users to the Remote Desktop Users group](#add-users-to-remote-desktop-users-group) on the remote device.
 - Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard) is turned off on the device you're using to connect to the remote device.
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
+## Connect with Azure AD Authentication
-![Remote Desktop Connection client.](images/rdp.png)
+Azure AD Authentication can be used on the following operating systems:
-## Set up
+- Windows 11 with [2022-09 Cumulative Updates for Windows 11 Preview (KB5017383)](https://support.microsoft.com/kb/KB5017383) or later installed.
 - Windows 10, version 20H2 or later with [2022-09 Cumulative Updates for Windows 10 Preview (KB5017380)](https://support.microsoft.com/kb/KB5017380) or later installed.
 - Windows Server 2022 with [2022-09 Cumulative Update for Microsoft server operating system preview (KB5017381)](https://support.microsoft.com/kb/KB5017381) or later installed.
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
+There's no requirement for the local device to be joined to a domain or Azure AD. As a result, this method allows you to connect to the remote Azure AD joined device from:
 - Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
 - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
-Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
+- [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) device.
 - Active Directory joined device.
 - Workgroup device.
- On the PC you want to connect to:
+To connect to the remote computer:
-  1. Open system properties for the remote PC.
+- Launch **Remote Desktop Connection** from Windows Search, or by running `mstsc.exe`.
 - Specify the name of the remote computer.
 - Select **Use a web account to sign in to the remote computer** option in the **Advanced** tab. This option is equivalent to the `enablerdsaadauth` RDP property. For more information, see [Supported RDP properties with Remote Desktop Services](/windows-server/remote/remote-desktop-services/clients/rdp-files).
 - When prompted for credentials, specify your user name in `user@domain.com` format.
 - You're then prompted to allow the remote desktop connection when connecting to a new PC. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect.
-  2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
+> [!IMPORTANT]
 > If your organization has configured and is using [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview), your device must satisfy the conditional access requirements to allow connection to the remote computer.
-     ![Allow remote connections to this computer.](images/allow-rdp.png)
+### Disconnection when the session is locked
-  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
+The Windows lock screen in the remote session doesn't support Azure AD authentication tokens or passwordless authentication methods like FIDO keys. The lack of support for these authentication methods means that users can't unlock their screens in a remote session. When you try to lock a remote session, either through user action or system policy, the session is instead disconnected and the service sends a message to the user explaining they've been disconnected.
-      - Adding users manually
+Disconnecting the session also ensures that when the connection is relaunched after a period of inactivity, Azure AD reevaluates the applicable conditional access policies.
-        You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
+## Connect without Azure AD Authentication
        ```powershell
        net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
        ```
        where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
-        In order to execute this PowerShell command, you must be a member of the local Administrators group. Otherwise, you'll get an error like this example:
+By default, RDP doesn't use Azure AD authentication, even if the remote PC supports it. This method allows you to connect to the remote Azure AD joined device from:
        - for cloud only user: "There is no such global user or group : *name*"
        - for synced user: "There is no such global user or group : *name*" </br>
         > [!NOTE]
         > For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
         >
         > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
      - Adding users using policy
         Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
         > [!TIP]
         > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
         > [!NOTE]
         > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials).
 ## Supported configurations
 The table below lists the supported configurations for remotely connecting to an Azure AD-joined PC:
 | Criteria | RDP from Azure AD registered device| RDP from Azure AD joined device| RDP from hybrid Azure AD joined device |
 | - | - | - | - |
 | **Client operating systems**| Windows 10, version 2004 and above| Windows 10, version 1607 and above | Windows 10, version 1607 and above |
 | **Supported credentials**| Password, smartcard| Password, smartcard, Windows Hello for Business certificate trust | Password, smartcard, Windows Hello for Business certificate trust |
 - [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) device using Windows 10, version 1607 or later.
 - [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) device using Windows 10, version 2004 or later.
 > [!NOTE]
-> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
+> Both the local and remote device must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
 To connect to the remote computer:
 - Launch **Remote Desktop Connection** from Windows Search, or by running `mstsc.exe`.
 - Specify the name of the remote computer.
 - When prompted for credentials, specify your user name in either `user@domain.com` or `AzureAD\user@domain.com` format.
 > [!TIP]
 > If you specify your user name in `domain\user` format, you may receive an error indicating the logon attempt failed with the message **Remote machine is AAD joined. If you are signing in to your work account, try using your work email address**.
 > [!NOTE]
-> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
+> For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
-## Related topics
+### Supported configurations
 This table lists the supported configurations for remotely connecting to an Azure AD joined device:
 | **Criteria**                               | **Client operating system**       | **Supported credentials**                                          |
 |--------------------------------------------|-----------------------------------|--------------------------------------------------------------------|
 | RDP from **Azure AD registered device**    | Windows 10, version 2004 or later | Password, smart card                                               |
 | RDP from **Azure AD joined device**        | Windows 10, version 1607 or later | Password, smart card, Windows Hello for Business certificate trust |
 | RDP from **hybrid Azure AD joined device** | Windows 10, version 1607 or later | Password, smart card, Windows Hello for Business certificate trust |
 > [!NOTE]
 > If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure AD joined devices, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
 > [!NOTE]
 > When an Azure AD group is added to the **Remote Desktop Users** group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through RDP resulting in failure to establish the remote connection. In this scenario, Network Level Authentication should be disabled to allow the connection.
 ## Add users to Remote Desktop Users group
 Remote Desktop Users group is used to grant users and groups permissions to remotely connect to the device. Users can be added either manually or through MDM policies:
 - **Adding users manually**:
  You can specify individual Azure AD accounts for remote connections by running the following command, where `<userUPN>` is the UPN of the user, for example `user@domain.com`:
  ```cmd
  net localgroup "Remote Desktop Users" /add "AzureAD\<userUPN>"
  ```
  In order to execute this command, you must be a member of the local Administrators group. Otherwise, you may see an error similar to `There is no such global user or group: <name>`.
 - **Adding users using policy**:
  Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
 ## Related articles
 [How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@ -1,6 +1,6 @@
 ---
 title: Use Quick Assist to help users
-description: How IT Pros can use Quick Assist to help users.
+description: Learn how IT Pros can use Quick Assist to help users.
 ms.prod: windows-client
 ms.topic: article
 ms.technology: itpro-manage
@ -9,10 +9,13 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.reviewer: pmadrigal
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 and later</a>
 ms.collection:
  - highpri
  - tier1
-ms.date: 08/26/2022
+ms.date: 03/06/2023
 ---
 # Use Quick Assist to help users
@ -23,8 +26,8 @@ Quick Assist is a Microsoft Store application that enables a person to share the
 All that's required to use Quick Assist is suitable network and internet connectivity. No roles, permissions, or policies are involved. Neither party needs to be in a domain. The helper must have a Microsoft account. The sharer doesn't have to authenticate.
-> [!NOTE]
+> [!IMPORTANT]
-> In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session.
+> Quick Assist is not available in the Azure Government cloud.
 ### Authentication
@ -45,7 +48,7 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis
 | `*.registrar.skype.com` | Required for Azure Communication Service. |
 | `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application |
 | `*.trouter.skype.com` | Used for Azure Communication Service for chat and connection between parties. |
-| `aadcdn.msauth.net` | Required for logging in to the application (AAD). |
+| `aadcdn.msauth.net` | Required for logging in to the application (Azure AD). |
 | `edge.skype.com` | Used for Azure Communication Service for chat and connection between parties. |
 | `login.microsoftonline.com` | Required for Microsoft login service. |
 | `remoteassistanceprodacs.communication.azure.com` | Used for Azure Communication Service for chat and connection between parties. |
@ -54,21 +57,33 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis
 > [!IMPORTANT]
 > Quick Assist uses Edge WebView2 browser control. For a list of domain URLs that you need to add to the allow list to ensure that the Edge WebView2 browser control can be installed and updated, see [Allow list for Microsoft Edge endpoints](/deployedge/microsoft-edge-security-endpoints).
 ## Working with Quick Assist
 Either the support staff or a user can start a Quick Assist session.
 1. Support staff ("helper") and the user ("sharer") can start Quick Assist in any of a few ways:
    - Type *Quick Assist* in the Windows search and press ENTER.
    - Press **CTRL** + **Windows** + **Q**.
    - For **Windows 10** users, from the Start menu, select **Windows Accessories**, and then select **Quick Assist**.
    - For **Windows 11** users, from the Start menu, select **All Apps**, and then select **Quick Assist**.
 1. In the **Help someone** section, the helper selects the **Help someone** button. The helper might be asked to choose their account or sign in. Quick Assist generates a time-limited security code.
 1. Helper shares the security code with the user over the phone or with a messaging system.
 1. The sharer enters the provided code in the **Security code from assistant** box under the **Get help** section, and then selects **Submit**.
 1. The sharer receives a dialog asking for permission to allow screen sharing. The sharer gives permission by selecting the **Allow** button and the screen sharing session is established.
 1. After the screen sharing session is established, the helper can optionally request control of the sharer's screen by selecting **Request control**. The sharer then receives a dialog asking them if they want to **Allow** or **Deny** the request for control.
 > [!NOTE]
 > In case the helper and sharer use different keyboard layouts or mouse settings, the ones from the sharer are used during the session.
 ## How it works
 1. Both the helper and the sharer start Quick Assist.
-
+1. The helper selects **Assist another person**. Quick Assist on the helper's side contacts the Remote Assistance Service to obtain a session code. An RCC chat session is established, and the helper's Quick Assist instance joins it. The helper then provides the code to the sharer.
-2. The helper selects **Assist another person**. Quick Assist on the helper's side contacts the Remote Assistance Service to obtain a session code. An RCC chat session is established, and the helper's Quick Assist instance joins it. The helper then provides the code to the sharer.
+1. After the sharer enters the code in their Quick Assist app, Quick Assist uses that code to contact the Remote Assistance Service and join that specific session. The sharer's Quick Assist instance joins the RCC chat session.
-
+1. The helper is prompted to select **View Only** or **Full Control**.
-3. After the sharer enters the code in their Quick Assist app, Quick Assist uses that code to contact the Remote Assistance Service and join that specific session. The sharer's Quick Assist instance joins the RCC chat session.
+1. The sharer is prompted to confirm allowing the helper to share their desktop with the helper.
-
+1. Quick Assist starts RDP control and connects to the RDP Relay service.
-4. The helper is prompted to select **View Only** or **Full Control**.
+1. RDP shares the video to the helper over https (port 443) through the RDP relay service to the helper's RDP control. Input is shared from the helper to the sharer through the RDP relay service.
 5. The sharer is prompted to confirm allowing the helper to share their desktop with the helper.
 6. Quick Assist starts RDP control and connects to the RDP Relay service.
 7. RDP shares the video to the helper over https (port 443) through the RDP relay service to the helper's RDP control. Input is shared from the helper to the sharer through the RDP relay service.
 :::image type="content" source="images/quick-assist-flow.png" lightbox="images/quick-assist-flow.png" alt-text="Schematic flow of connections when a Quick Assist session is established.":::
@ -77,61 +92,39 @@ Quick Assist communicates over port 443 (https) and connects to the Remote Assis
 Microsoft logs a small amount of session data to monitor the health of the Quick Assist system. This data includes the following information:
 - Start and end time of the session
 - Errors arising from Quick Assist itself, such as unexpected disconnections
 - Features used inside the app such as view only, annotation, and session pause
-No logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or keystrokes that occur in the session.
+> [!NOTE]
-
+> No logs are created on either the helper's or sharer's device. Microsoft can't access a session or view any actions or keystrokes that occur in the session.
-The sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information about them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days.
+>
 > The sharer sees only an abbreviated version of the helper's name (first name, last initial) and no other information about them. Microsoft doesn't store any data about either the sharer or the helper for longer than three days.
 In some scenarios, the helper does require the sharer to respond to application permission prompts (User Account Control), but otherwise the helper has the same permissions as the sharer on the device.
 ## Working with Quick Assist
 Either the support staff or a user can start a Quick Assist session.
 1. Support staff ("helper") starts Quick Assist in any of a few ways:
    - Type *Quick Assist* in the search box and press ENTER.
    - Press **CTRL** + **Windows** + **Q**
    - For **Windows 10** users, from the Start menu, select **Windows Accessories**, and then choose **Quick Assist**.
    - For **Windows 11** users, from the Start menu, select **All Apps**, **Windows Tools**, and then choose **Quick Assist**.
 2. In the **Give assistance** section, the helper selects **Assist another person**. The helper might be asked to choose their account or sign in. Quick Assist generates a time-limited security code.
 3. Helper shares the security code with the user over the phone or with a messaging system.
 4. Quick Assist opens on the sharer's device. The user enters the provided code in the **Code from assistant** box, and then selects **Share screen**.
 5. The helper receives a dialog offering the opportunity to take full control of the device or just view its screen. After they choose an option, the helper selects **Continue**.
 6. The sharer receives a dialog asking for permission to show their screen or allow access. The sharer gives permission by selecting the **Allow** button.
 ## Install Quick Assist
 ### Install Quick Assist from the Microsoft Store
 1. Download the new version of Quick Assist by visiting the [Microsoft Store](https://apps.microsoft.com/store/detail/quick-assist/9P7BP5VNWKX5).
-1. In the Microsoft Store, select **Get in Store app**. Then, give permission to install Quick Assist. When the installation is complete, you'll see **Get** change to **Open**.</br> :::image type="content" source="images/quick-assist-get.png" lightbox="images/quick-assist-get.png" alt-text="Microsoft Store window showing the Quick Assist app with a button labeled get in the bottom right corner.":::
+1. In the Microsoft Store, select **Get in Store app**. Then, give permission to install Quick Assist. When the installation is complete, **Get** changes to **Open**.</br> :::image type="content" source="images/quick-assist-get.png" lightbox="images/quick-assist-get.png" alt-text="Microsoft Store window showing the Quick Assist app with a button labeled get in the bottom right corner.":::
 For more information, visit [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca).
 ### Install Quick Assist with Intune
-Before installing Quick Assist, you'll need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
+Before installing Quick Assist, you need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
 1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
 1. Using your Global Admin account, log into [Microsoft Store for Business](https://businessstore.microsoft.com).
-1. Select **Manage** / **Settings** and turn on **Show offline apps**.
+1. Select **Manage** / **Settings** and enable **Show offline apps**.
 1. Choose the **Distribute** tab and verify that **Microsoft Intune** is **Active**. You may need to use the **+Add management tool** link if it's not.
 1. Search for **Quick Assist** and select it from the Search results.
 1. Choose the **Offline** license and select **Get the app**
 1. In the Intune admin center, choose **Sync**.
 1. Navigate to **Apps** / **Windows** and you should see **Quick Assist (Offline)** in the list.
-1. Select it to view its properties. By default, the app won't be assigned to anyone or any devices, select the **Edit** link.
+1. Select it to view its properties.
-1. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
+1. By default, the app isn't assigned to any user or device, select the **Edit** link. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
 > [!NOTE]
 > Assigning the app to a device or group of devices instead of a user is important because it's the only way to install a store app in device context.
@ -140,18 +133,19 @@ Visit [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps
 ### Install Quick Assist Offline
-To install Quick Assist offline, you'll need to download your APPXBUNDLE and unencoded XML file from [Microsoft Store for Business](https://businessstore.microsoft.com). Visit [Download an offline-licensed app](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app) for more information.
+To install Quick Assist offline, you need to download your APPXBUNDLE and unencoded XML file from [Microsoft Store for Business](https://businessstore.microsoft.com). Visit [Download an offline-licensed app](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app) for more information.
 1. Start **Windows PowerShell** with Administrative privileges.
-1. In PowerShell, change the directory to the location you've saved the file to in step 1. (CD &#x3C;*location of package file*&#x3E;)
+1. In PowerShell, change the directory to the location you've saved the file to in step 1: `cd <location of package file>`
-1. Run the following command to install Quick Assist: </br>*Add-appxprovisionedpackage -online -PackagePath "MicrosoftCorporationII.QuickAssist_2022.509.2259.0_neutral___8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"*
+1. Run the following command to install Quick Assist: `Add-AppxProvisionedPackage -Online -PackagePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.AppxBundle" -LicensePath "MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe_4bc27046-84c5-8679-dcc7-d44c77a47dd0.xml"`
-1. After Quick Assist has installed, run this command: </br>_Get-appxpackage \*QuickAssist* -alluser_
+1. After Quick Assist has installed, run this command to confirm that Quick Assist is installed for the user: `Get-AppxPackage *QuickAssist* -AllUsers`
 After running the command, you'll see Quick Assist 2.X is installed for the user.
 ## Microsoft Edge WebView2
-The Microsoft Edge WebView2 is a development control that uses Microsoft Edge as the rendering engine to display web content in native apps. The new Quick Assist app is written using this control and is required. For Windows 11 users, this runtime control is built in. For Windows 10 users, the Quick Assist Store app will detect if WebView2 is present on launch and if necessary, it will be installed automatically. If an error message or prompt is shown indicating WebView2 isn't present, it will need to be installed separately.
+The Microsoft Edge WebView2 is a development control that uses Microsoft Edge as the rendering engine to display web content in native apps. The new Quick Assist application has been developed using this control, making it a necessary component for the app to function.
 - For Windows 11 users, this runtime control is built in.
 - For Windows 10 users, the Quick Assist Store app detects if WebView2 is present on launch and if necessary, installs it automatically. If an error message or prompt is shown indicating WebView2 isn't present, it needs to be installed separately.
 For more information on distributing and installing Microsoft Edge WebView2, visit [Distribute your app and the WebView2 Runtime](/microsoft-edge/webview2/concepts/distribution)
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@ -98,10 +98,10 @@ items:
            href: administrative-tools-in-windows-10.md
          - name: Use Quick Assist to help users
            href: quick-assist.md
          - name: Create mandatory user profiles
            href: mandatory-user-profile.md
          - name: Connect to remote Azure Active Directory-joined PC
            href: connect-to-remote-aadj-pc.md
          - name: Create mandatory user profiles
            href: mandatory-user-profile.md
          - name: New policies for Windows 10
            href: new-policies-for-windows-10.md
          - name: Windows 10 default media removal policy