From 9f950b1a8e7569558c3e2d5e40ef04c480b9c791 Mon Sep 17 00:00:00 2001
From: Benzy Dharmanayagam <v-benzyd@microsoft.com>
Date: Fri, 11 Jun 2021 15:29:58 +0530
Subject: [PATCH 01/61] Updated-5138946, 5138946, 5155963, 5155998

The following articles have been updated:

Changes to Windows diagnostic data collection.

Configure Windows diagnostic data in your organization.

Windows 10 & Privacy Compliance
---
 ...s-to-windows-diagnostic-data-collection.md | 25 +++--
 ...ws-diagnostic-data-in-your-organization.md | 93 +++++++++++++++----
 .../windows-10-and-privacy-compliance.md      | 90 ++++++++++++++----
 3 files changed, 166 insertions(+), 42 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 9514d43951..b277bb3b25 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -24,7 +24,7 @@ ms.date: 07/21/2020
 
 Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we are moving our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide.
 
-This topic is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
+This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
 
 - [Taxonomy changes](#taxonomy-changes)
 - [Behavioral changes](#behaviorial-changes)
@@ -36,7 +36,7 @@ This topic is meant for IT administrators and explains the changes Windows is ma
 
 In Windows 10, version 1903 and newer, you will see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes.
 
-Additionally, in an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to more accurately reflect its behavior by changing it to **Diagnostic data off**. All of these changes are explained in the section named **Behavioral changes**.
+Additionally, in an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**.
 
 ## Taxonomy changes
 
@@ -48,9 +48,9 @@ Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience
 > [!IMPORTANT]
 > No action is required for the taxonomy changes, and your existing settings will be maintained as part of this update.
 
-## Behaviorial changes
+## Behavioral changes
 
-In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see the section named, **Services that rely on Enhanced diagnostic data**, later in this topic. Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see the section named **Configure a Windows 10 device to limit crash dumps and logs**. For more information on services that rely on Enhanced diagnostic data, see **Services that rely on Enhanced diagnostic data**.
+In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see [Configure a Windows 10 device to limit crash dumps and logs](#configure-a-windows-10-device-to-limit-crash-dumps-and-logs). For more information on services that rely on Enhanced diagnostic data, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data).
 
 Additionally, you will see the following policy changes in an upcoming release of Windows 10:
 
@@ -70,7 +70,7 @@ A final set of changes includes two new policies that can help you fine-tune dia
   - MDM policy: System/LimitDiagnosticLogCollection
 
 >[!Important]
->All of the changes mentioned in this section will not be released on versions of Windows, version 1809 and earlier as well as Windows Server 2019 and earlier.
+>All the changes mentioned in this section will not be released on versions of Windows, version 1809 and earlier as well as Windows Server 2019 and earlier.
 
 ## Configure a Windows 10 device to limit crash dumps and logs
 
@@ -88,4 +88,17 @@ Customers who use services that depend on Windows diagnostic data, such as Micro
 
 The following provides information on the current configurations:
 - [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data)
-- [Desktop Analytics](/mem/configmgr/desktop-analytics/overview)
\ No newline at end of file
+- [Desktop Analytics](/mem/configmgr/desktop-analytics/overview)
+
+## New Windows diagnostic data processor configuration
+
+**Applies to**
+- Windows 10 Edu, Pro, Enterprise editions, version 1809 with July 2021 update and newer
+
+Enterprise customers will now have a new option for controlling their Windows diagnostic data for their Azure Active Directory joined devices.
+
+Previously, enterprise customers had two options in managing their Windows diagnostic data: 1) allow Microsoft to be the [controller](/compliance/regulatory/gdpr#terminology) of that data and responsible for determining the purposes and means of the processing of Windows diagnostic data in order to improve the Windows 10 operating system and deliver analytical services, or 2) turn off diagnostic data flows altogether.
+
+Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
+
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index c5f2f8b2ce..b3cf4f88b5 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -22,22 +22,23 @@ ms.date: 10/13/2020
 
 - Windows 10 Enterprise
 - Windows 10 Education
+- Windows 10 Professional
 - Windows Server 2016 and newer
 
-This article applies to Windows 10, Windows Server, Surface Hub, and HoloLens diagnostic data only. It describes the types of diagnostic data that’s sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
+This article applies to Windows 10, Windows Server, Surface Hub, and HoloLens diagnostic data only. It describes the types of diagnostic data sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
 
 >[!IMPORTANT]
 >Microsoft is [increasing transparency](https://blogs.microsoft.com/on-the-issues/2019/04/30/increasing-transparency-and-customer-control-over-data/) by categorizing the data we collect as required or optional. Windows 10 is in the process of updating devices to reflect this new categorization, and during this transition Basic diagnostic data will be recategorized as Required diagnostic data and Full diagnostic data will be recategorized as Optional diagnostic data. For more information, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
 
-## Overview 
+## Overview
 
-Microsoft collects Windows diagnostic data to solve problems and to keep Windows up to date, secure, and operating properly. It also helps us improve Windows and related Microsoft products and services and, for customers who have turned on the **Tailored experiences** setting, to provide more relevant tips and recommendations to enhance Microsoft and third-party products and services for the customer’s needs.
+Microsoft collects Windows diagnostic data to solve problems and to keep Windows up to date, secure, and operating properly. It also helps us improve Windows and related Microsoft products and services and, for customers who have turned on the **Tailored experiences** setting, to provide more relevant tips and recommendations to enhance Microsoft and third-party products and services for each customer’s needs.
 
 For more information about how Windows diagnostic data is used, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
 
 ### Diagnostic data gives users a voice
 
-Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server behaves in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits.
+Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 and Windows Server behave in the real world, focus on user priorities, and make informed decisions that benefit both consumer and enterprise customers. The following sections offer real examples of these benefits.
 
 ### _Improve app and driver quality_
 
@@ -73,7 +74,7 @@ Later in this document we provide further details about how to control what’s
 
 ### Data transmission
 
-All diagnostic data is encrypted using TLS and uses certificate pinning during transfer from the device to the Microsoft data management services.
+All diagnostic data is encrypted using Transport Layer Security (TLS) and uses certificate pinning during transfer from the device to the Microsoft data management services.
 
 ### Endpoints
 
@@ -110,7 +111,7 @@ Here’s a summary of the types of data that is included with each setting:
 | --- | --- | --- | --- | --- |
 | **Diagnostic data events** | No Windows diagnostic data sent. | Minimum data required to keep the device secure, up to date, and performing as expected. | Additional data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. | Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.|
 | **Crash Metadata** | N/A | Yes | Yes | Yes |
-| **Crash Dumps** | N/A | No | Triage dumps only <br></br>For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full memory dumps <br></br>For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).  |
+| **Crash Dumps** | N/A | No | Triage dumps only <br></br>For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). | Full memory dumps <br></br>For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting). |
 | **Diagnostic logs** | N/A | No | No | Yes |
 | **Data collection** | N/A | 100% | Sampling applies | Sampling applies |
 
@@ -156,31 +157,31 @@ Required diagnostic data includes:
 
 ### Enhanced diagnostic data
 
->[!NOTE] 
+>[!NOTE]
 >We’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. making changes to the enhanced diagnostic data level. For more info about this change, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
 
 Enhanced diagnostic data includes data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. When you choose to send enhanced diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
 
  - Operating system events that help to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
- 
+
  - Operating system app events resulting from Microsoft apps and management tools that were downloaded from the Microsoft Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
- 
+
  - Device-specific events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
- 
+
  - All crash dump types, except for heap dumps and full dumps. For more information about crash dumps, see [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).
 
- ### Optional diagnostic data
+### Optional diagnostic data
 
 Optional diagnostic data, previously labeled as **Full**, includes more detailed information about your device and its settings, capabilities, and device health. Optional diagnostic data also includes data about the websites you browse, device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users. When you choose to send optional diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
 
  - Additional data about the device, connectivity, and configuration, beyond that collected under required diagnostic data.
- 
+
  - Status and logging information about the health of operating system and other system components beyond what is collected under required diagnostic data.
- 
+
  - App activity, such as which programs are launched on a device, how long they run, and how quickly they respond to input.
- 
+
  - Browser activity, including browsing history and search terms, in Microsoft browsers (Microsoft Edge or Internet Explorer).
- 
+
  - Enhanced error reporting, including the memory state of the device when a system or app crash occurs (which may unintentionally contain user content, such as parts of a file you were using when the problem occurred). Crash data is never used for Tailored experiences.
 
 >[!Note]
@@ -190,7 +191,7 @@ Optional diagnostic data, previously labeled as **Full**, includes more detailed
 
 Use the steps in this section to configure the diagnostic data settings for Windows and Windows Server in your organization.
 
->[!IMPORTANT] 
+>[!IMPORTANT]
 >These diagnostic data settings only apply to components, features, and apps that are considered a part of the Windows operating system. Third-party apps and other Microsoft apps, such as Microsoft Office, that customers install may also collect and send diagnostic data using their own controls. You should work with your app vendors to understand their diagnostic data policy, and how you can opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of privacy controls for Microsoft 365 Apps for enterprise](/deployoffice/privacy/overview-privacy-controls). If you would like to control Windows data collection that is not Windows diagnostic data, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 You can configure your device's diagnostic data settings using the management tools you’re already using, such as Group Policy or MDM.
@@ -224,6 +225,66 @@ You can use Group Policy to set your organization’s diagnostic data setting:
 
 Use [Policy Configuration Service Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) to apply the System/AllowTelemetry MDM policy.
 
+## Enable Windows diagnostic data processor configuration
+
+The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements.
+
+### Prerequisites
+
+The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer. The device must also be joined to Azure Active Directory. 
+
+The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
+
+- v10c.events.data.microsoft.com
+- umwatsonc.events.data.microsoft.com
+- kmwatsonc.events.data.microsoft.com
+- settings-win.data.microsoft.com
+- *.blob.core.windows.net
+
+### Enabling Windows diagnostic data processor configuration
+
+Use the instructions below to enable Windows diagnostic data processor configuration using a single setting, through Group Policy, or an MDM solution.
+
+In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**.
+
+If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**. To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
+
+ - **Name:** System/AllowCommercialDataPipeline
+ - **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
+ - **Data type:** Integer
+
+Under **Value**, use **1** to enable the service.
+
+If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**.
+
+>[!Note]
+> - If you have any additional policies that also enable you to be a controller of Windows diagnostic data, such as the services listed below, you will need to turn off all the applicable policies in order to stop being a controller for Windows diagnostic data.
+> - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled.
+> - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions.
+
+You can also enable the Windows diagnostic data processor configuration by enrolling in services that use Windows diagnostic data. These services currently include Desktop Analytics, Update Compliance, Microsoft Managed Desktop, and Windows Update for Business.
+
+For information on these services and how to configure the group policies, refer to the following documentation:
+
+Desktop Analytics:
+
+- [Enable data sharing - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/enable-data-sharing)
+- [Desktop Analytics data privacy - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/privacy)
+- [Group policy settings - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/group-policy-settings)
+
+Update Compliance:
+
+- [Privacy in Update Compliance - Windows Deployment | Microsoft Docs](/windows/deployment/update/update-compliance-privacy)
+- [Manually configuring devices for Update Compliance - Windows Deployment | Microsoft Docs](/windows/deployment/update/update-compliance-configuration-manual#required-policies)
+
+Microsoft Managed Desktop:
+
+- [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](/microsoft-365/managed-desktop/service-description/privacy-personal-data)
+
+Windows Update for Business:
+
+- [Windows Update for Business deployment service - Windows Deployment | Microsoft Docs](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
+
 ## Limit optional diagnostic data for Desktop Analytics
 
 For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing).
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index a33a9a416e..f0f78ca7f3 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -19,18 +19,17 @@ ms.date: 07/21/2020
 # Windows 10 & Privacy Compliance:<br />A Guide for IT and Compliance Professionals
 
 Applies to:
+
 - Windows 10 Enterprise
 - Windows 10 Education
+- Windows 10 Professional
 - Windows Server 2016 and newer
 
 ## Overview
 
->[!IMPORTANT] 
->Microsoft is [increasing transparency](https://blogs.microsoft.com/on-the-issues/2019/04/30/increasing-transparency-and-customer-control-over-data/) by categorizing the data we collect as required or optional. Windows 10 is in the process of updating devices to reflect this new categorization, and during this transition Basic diagnostic data will be recategorized as Required diagnostic data and Full diagnostic data will be recategorized as Optional diagnostic data. For more information, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
-
 At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows 10.
 
-Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
+Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 and our connected experiences. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
 
 This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR)
 
@@ -45,11 +44,11 @@ When setting up a device, a user can configure their privacy settings. Those pri
 The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information.
 
 > [!NOTE]
-> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and newer). For the full list of settings that involve data collection, [see Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and newer). For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | Description | Supporting Content | Privacy Statement |
 | --- | --- | --- | --- |
-| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device's service issues and use patterns.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Previously known as basic diagnostic data, required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Previously known as full diagnostic data, optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
+| Diagnostic Data | <p>Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device's service issues and use patterns.</p><p>Diagnostic data is categorized into the following:<ul><li>**Required diagnostic data**<br />Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md).</li><li>**Optional diagnostic data**<br />Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).</li></ul></p> | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)<br /><br />[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Inking and typing diagnostics | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/windows-10-speech-voice-activation-inking-typing-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) |
 | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy) |[Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) |
@@ -57,7 +56,7 @@ The following table provides an overview of the Windows 10 privacy settings pres
 | Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you choose to send. Tailored experiences include personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) |
 | Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) | [Privacy statement](https://support.microsoft.com/help/4459081/windows-10-general-privacy-settings) |
 | Activity History/Timeline – Cloud Sync | If you want Windows Timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) |
-| Cortana | <p>Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.<br /><br />Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.</p> | [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)<br /><br />[Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) |
+| Cortana | <p>Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content, and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.<br /><br />Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.</p> | [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)<br /><br />[Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) |
 
 ### 1.2 Data collection monitoring
 
@@ -65,6 +64,8 @@ The following table provides an overview of the Windows 10 privacy settings pres
 
 An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
 
+> [!Note]
+> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject request to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
 
 ## 2. Windows 10 data collection management
 
@@ -81,14 +82,14 @@ Administrators can configure and control privacy settings across their organizat
 The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
 
 > [!NOTE]
-> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop editions:<br />Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Required diagnostic data | Security and block endpoints | 
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. For more information, see [Enabling the Windows diagnostic data processor configuration](#_238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration_). | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | 
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -111,24 +112,29 @@ You can use the following articles to learn more about Autopilot and how to use
 - https://docs.microsoft.com/windows/deployment/windows-Autopilot/windows-Autopilot 
 - https://docs.microsoft.com/windows/deployment/windows-Autopilot/deployment-process
 
-#### _2.3.2 Managing connections from Windows components to Microsoft services_
+#### _2.3.2 Windows 10 connected experiences and essential services_
 
-Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows components.
+Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
-For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
+Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows.
 
-#### _2.3.3 Managing Windows 10 connections_
+Windows connected experiences and essential services transfer data to Microsoft network endpoints, and while an administrator may want to block these endpoints for their organization to meet specific compliance objectives, we recommend that you carefully assess the impact of turning off essential services.
 
-Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives.
+The article [Manage connection endpoints for Windows 10, version 20H2](/windows/privacy/manage-windows-20h2-endpoints) provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found under the **Manage Windows 10 connection endpoints** section of the left-hand navigation menu.
 
-[Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found on the [Windows Privacy site](./index.yml) under the **Manage Windows 10 connection endpoints** section of the left-hand navigation menu.
+#### _2.3.3 Managing connections from Windows connected experiences to Microsoft services_
+
+Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services.
+
+For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
 
 #### _2.3.4 Limited functionality baseline_
 
 An organization may want to further minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
 
 >[!IMPORTANT]
->We recommend that you fully test any modifications to these settings before deploying them in your organization.
+> - We recommend that you fully test any modifications to these settings before deploying them in your organization.
+> - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying to ensure the Windows diagnostic setting is not turned off.
 
 #### _2.3.5 Diagnostic data: Managing notifications for change of level at logon_
 
@@ -144,23 +150,58 @@ Windows 10, version 1809 and newer allows a user to delete diagnostic data colle
 
 An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`.
 
+>[!Note]
+>If the Windows diagnostic data processor configuration is enabled, the Delete diagnostic data button will be disabled and the powershell cmdlet will not delete data collected under this configuration. IT administrators can instead delete diagnostic data collected by invoking a delete request from the admin portal.
+
+#### _2.3.8 Diagnostic data: Enabling the Windows diagnostic data processor configuration_
+
+**Applies to:**
+
+- Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
+
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
+
+The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
+
+We recommend that IT administrators who have enabled the Windows diagnostic data processor configuration consider the following:
+
+- Restrict user’s ability to sign-in with a Microsoft Account (MSA) using [Block Microsoft account group policy](/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts).
+- Restrict user’s ability to submit feedback, as any feedback or additional logs submitted by the user are not managed by the Windows diagnostic data processor configuration option. The Feedback hub app can be removed using [PowerShell](/powershell/module/appx/remove-appxpackage) and block ability to submit feedback in Microsoft Edge using [Feedback group policy](/deployedge/microsoft-edge-policies#userfeedbackallowed).
+
+>[!Note]
+>Tenant account closure will lead to the deletion of all data associated with that tenant.
+
+Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Desktop Analytics, and Microsoft Managed Devices. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations).
+
+For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation - Microsoft GDPR | Microsoft Docs](/compliance/regulatory/gdpr).
 
 ## 3. The process for exercising data subject rights
 
 This section discusses the different methods Microsoft provides for users and administrators to exercise data subject rights for data collected from a Windows 10 device.
 
+For IT administrators who have devices using the Windows diagnostic data processor configuration, refer to the [Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-windows). Otherwise proceed to the sections below.
+
 ### 3.1 Delete
 
 Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. Administrators can also use the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet.
 
+>[!Note]
+>If the Windows diagnostic data processor configuration is being used, the Delete diagnostic data functionality will be disabled. IT administrators can delete diagnostic data associated with a user from the admin portal.
+
 ### 3.2 View
 
 The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from a Windows 10 device. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet.
 
+>[!Note]
+>If the Windows diagnostic data processor configuration is enabled, IT administrators can view the diagnostic data that is associated with a user from the admin portal.
+
 ### 3.3 Export
 
 The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the **Export** data button in the top menu. Administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script.
 
+>[!Note]
+>If the Windows diagnostic data processor configuration is enabled, IT administrators can also export the diagnostic data that is associated with a user from the admin portal.
+
 ### 3.4 Devices connected to a Microsoft account
 
 If a user signs in to a Windows experience or app on their device with their Microsoft account, they can view, delete, and export data associated with their Microsoft account on the [Privacy dashboard](https://account.microsoft.com/privacy).
@@ -168,11 +209,10 @@ If a user signs in to a Windows experience or app on their device with their Mic
 
 ## 4. Cross-border data transfers
 
-Microsoft complies with applicable law regarding the collection, use, and retention of personal information, including its transfer across borders
+Microsoft complies with applicable law regarding the collection, use, and retention of personal information, including its transfer across borders.
 
 Microsoft’s [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) provides details on how we store and process personal data.
 
-
 ## 5. Related Windows product considerations
 
 The following sections provide details about how privacy data is collected and managed across related Windows products.
@@ -181,23 +221,33 @@ The following sections provide details about how privacy data is collected and m
 
 Windows Server follows the same mechanisms as Windows 10 for handling of personal data.
 
+>[!Note]
+>The Windows diagnostic data processor configuration is not available for Windows Server.
+
 ### 5.2 Surface Hub
 
-[Surface Hub](/surface-hub/) is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to a user. To delete the Windows diagnostic data sent to Microsoft for Surface Hub, you can use the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store
+[Surface Hub](/surface-hub/) is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to a user. To delete the Windows diagnostic data sent to Microsoft for Surface Hub, you can use the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store.
 
 >[!IMPORTANT]
 >Apps and services that run on Windows but are not considered part of Windows will manage data collection using their own controls. Please contact the publisher for further guidance on how to control the data collection and transmission of these apps and services.
 
 An administrator can configure privacy-related settings, such as choosing to only send required diagnostic data. Surface Hub does not support Group Policy for centralized management. However, administrators can use MDM to apply these settings to Surface Hub. For more information about Surface Hub and MDM, see [Manage settings with an MDM provider (Surface Hub)](/surface-hub/manage-settings-with-mdm-for-surface-hub).
 
+>[!Note]
+>The Windows diagnostic data processor configuration is not available for Surface Hub.
+
 ### 5.3 Desktop Analytics
 
-[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a set of solutions for Azure Portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function.
+[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a set of solutions for Azure portal that provide you with extensive data about the state of devices in your deployment. Desktop Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function.
 
 ### 5.4 Microsoft Managed Desktop
 
 [Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/?view=o365-worldwide) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 Enterprise edition, Office 365 ProPlus, and Microsoft security services.
 
+### 5.5 Update Compliance
+
+[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows 10 Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows 10 diagnostic data for all its reporting.
+
 ## Additional Resources
 
 * [Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trust-center/privacy/gdpr-overview)

From 1c91a7f11956210fe68a2d2ebc18b6a41b7006e3 Mon Sep 17 00:00:00 2001
From: Benzy Dharmanayagam <v-benzyd@microsoft.com>
Date: Fri, 11 Jun 2021 15:47:07 +0530
Subject: [PATCH 02/61] Fixed warnings

---
 .../changes-to-windows-diagnostic-data-collection.md |  2 +-
 windows/privacy/windows-10-and-privacy-compliance.md | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index b277bb3b25..113c415e29 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -27,7 +27,7 @@ Microsoft is committed to providing you with effective controls over your data a
 This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas:
 
 - [Taxonomy changes](#taxonomy-changes)
-- [Behavioral changes](#behaviorial-changes)
+- [Behavioral changes](#behavioral-changes)
 
 > [!NOTE]
 > You can test the behavioral changes now in Windows 10 Insider Preview build 19577 and later.
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index f0f78ca7f3..e5ce1e7e04 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -89,7 +89,7 @@ The following table provides an overview of the privacy settings discussed earli
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. For more information, see [Enabling the Windows diagnostic data processor configuration](#_238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration_). | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. For more information, see [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | 
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -109,8 +109,8 @@ If you want the ability to fully control and apply restrictions on data being se
 Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.
 
 You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10: 
-- https://docs.microsoft.com/windows/deployment/windows-Autopilot/windows-Autopilot 
-- https://docs.microsoft.com/windows/deployment/windows-Autopilot/deployment-process
+- [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
+- [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
 
 #### _2.3.2 Windows 10 connected experiences and essential services_
 
@@ -146,7 +146,7 @@ Windows 10, version 1803 and newer allows users to change their diagnostic data
 
 #### _2.3.7 Diagnostic data: Managing device-based data delete_
 
-Windows 10, version 1809 and newer allows a user to delete diagnostic data collected from their device by using **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet.
+Windows 10, version 1809 and newer allows a user to delete diagnostic data collected from their device by using **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
 
 An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`.
 
@@ -183,7 +183,7 @@ For IT administrators who have devices using the Windows diagnostic data process
 
 ### 3.1 Delete
 
-Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. Administrators can also use the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet.
+Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. Administrators can also use the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet.
 
 >[!Note]
 >If the Windows diagnostic data processor configuration is being used, the Delete diagnostic data functionality will be disabled. IT administrators can delete diagnostic data associated with a user from the admin portal.
@@ -242,7 +242,7 @@ An administrator can configure privacy-related settings, such as choosing to onl
 
 ### 5.4 Microsoft Managed Desktop
 
-[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/?view=o365-worldwide) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 Enterprise edition, Office 365 ProPlus, and Microsoft security services.
+[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows 10 Enterprise edition, Office 365 ProPlus, and Microsoft security services.
 
 ### 5.5 Update Compliance
 

From 4a407713ce5fa607cf7b10c333d37eb992800966 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 14 Jun 2021 13:59:58 +0100
Subject: [PATCH 03/61] Remove deploy data processor

---
 .openpublishing.redirection.json              |  5 +
 .../deploy-data-processor-service-windows.md  | 96 -------------------
 2 files changed, 5 insertions(+), 96 deletions(-)
 delete mode 100644 windows/privacy/deploy-data-processor-service-windows.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 4afc122348..cf0c97aa74 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18919,6 +18919,11 @@
       "source_path": "windows/security/threat-protection/device-control/device-control-report.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
+      "redirect_url": "windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
     }    
 	    ]
 }
diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md
deleted file mode 100644
index 01a6bbec79..0000000000
--- a/windows/privacy/deploy-data-processor-service-windows.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Technical Deployment of the data processor service for Windows Enterprise 
-description: Use this article to understand how to deploy and manage the data processor service for Windows Enterprise.
-keywords: privacy, GDPR
-ms.localizationpriority: high
-ROBOTS: NOINDEX, NOFOLLOW
-ms.prod: w10
-ms.topic: article
-f1.keywords:
-- NOCSH
-ms.author: siosulli
-author: dansimp
-manager: dansimp
-audience: itpro
-ms.collection: 
-- GDPR
-- M365-security-compliance
----
-
-# Data processor service for Windows Enterprise Overview 
-
->[!NOTE]
->This topic is intended for participants in the data processor service for Windows Enterprise preview program and requires acceptance of specific terms of use. To learn
-more about the program and agree to the terms of use, see [https://aka.ms/WindowsEnterprisePublicPreview](https://aka.ms/WindowsEnterprisePublicPreview).
-
-The privacy landscape keeps evolving, and with it, we make changes to our services to meet our customers’ needs. 
-The data processor service for Windows Enterprise empowers you to be in control of diagnostic data from Windows devices, and act as data controllers for that data, under the definition of the European Union General Data Protection Regulation (GDPR). 
-
-The data processor service for Windows Enterprise will serve as a foundation for other Microsoft services that use Windows diagnostic data. 
-
-The data processor service for Windows Enterprise offering enables you to store and manage your Windows diagnostic data in the cloud, on top of an end-to-end data platform designed and built with compliance in mind, to help you meet your compliance obligations. 
-Your data is routed and stored inside an enterprise compliance boundary, operating under a prescriptive and focused set of compliance requirements, in accordance with industry standards. 
-
-The data processor service for Windows Enterprise provides you with controls that help respond to delete data subject requests (DSRs) on diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for a specific Azure AD User ID. 
-Should you desire so, Microsoft will accommodate a data processor service for Windows Enterprise tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for diagnostic data, but still wish to remain an Azure customer. 
-
->[!Note]
->Tenant account closure will lead to the deletion of all data associated with that tenant. 
-
-## Deployment of data processor service for Windows Enterprise
-Use the instructions below to easily manage the data processor service for Windows Enterprise using a single setting, through Group Policy, or an MDM solution, in Windows 10, version 1809 or Windows Server 2019 and newer. 
-
-### Prerequisites 
-#### Versions supported 
-The data processor service for Windows Enterprise is currently supported on Windows 10, version 1809, and newer versions.
-
-#### Network requirements 
-The following endpoints need to be reachable from devices enrolled into the data processor service for Windows Enterprise:
- 
- login.live.com
-
- cy2.vortex.data.microsoft.com.akadns.net 
-
- v10.events.data.microsoft.com 
-
- v10.vortex-win.data.microsoft.com/collect/v1 
-
-For additional information, see the “device authentication” and “diagnostic data” sections in the endpoint articles for each respective Windows version: 
-
-[Windows 10, version 1809 endpoints](./manage-windows-1809-endpoints.md)
-
-[Windows 10, version 1903 endpoints](./manage-windows-1903-endpoints.md)
-
-### Deploying data processor service for Windows Enterprise
-You can use either Group Policy or an MDM solution to deploy the data processor service for Windows Enterprise to your supported devices.
-
-In Group Policy, to enable data collection through the data processor service for Windows Enterprise, go to **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**. 
-
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
-
-To use an MDM solution, such as [Microsoft Intune](/intune/custom-settings-Windows-10), to deploy the data processor service for Windows Enterprise to your supported devices, use the following custom OMA-URI setting configuration:
-
-- **Name:** System/AllowCommercialDataPipeline 
-- **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline 
-- **Data type:** Integer 
-
-Under **Value**, use **1** to enable the service. 
-
-If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**. 
-
->[!Note]
->Data collected from a device, before it was enrolled into the data processor service for Windows Enterprise, will not be moved into the enterprise compliance boundary. 
-
-## Managing data processor service for Windows Enterprise 
-### Executing user-based data subject requests (DSRs) 
-To perform user-based DSRs, the data processor service for Windows Enterprise requires your organization to be reflected in Azure AD. 
-
-If your environment is cloud-only and managed in Azure, or all your devices are Azure AD joined - you don’t need to take any further action. 
-
-If your environment uses on-premises Active Directory to manage identities - Azure AD Connect synchronization is required, and your environment needs to be configured for hybrid Azure AD join. 
-To learn more, visit [How To: Plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan) and [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-Once you have Azure AD join or hybrid Azure AD join in place, you can learn more about executing user-based DSRs, by visiting this [page](https://review.docs.microsoft.com/microsoft-365/compliance/gdpr-dsr-windows?branch=siosulli-wps&view=o365-worldwide).
-
-## Geo-location 
-Windows Diagnostic Data collected through the data processor service for Windows Enterprise is hosted in our datacenter in the United States.
\ No newline at end of file

From 755b677cd9205fe7f0384eb0bbcae259be6349f3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 14 Jun 2021 14:30:59 +0100
Subject: [PATCH 04/61] Create deploy-data-processor-service-windows.md

---
 .../deploy-data-processor-service-windows.md  | 96 +++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 windows/privacy/deploy-data-processor-service-windows.md

diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md
new file mode 100644
index 0000000000..01a6bbec79
--- /dev/null
+++ b/windows/privacy/deploy-data-processor-service-windows.md
@@ -0,0 +1,96 @@
+---
+title: Technical Deployment of the data processor service for Windows Enterprise 
+description: Use this article to understand how to deploy and manage the data processor service for Windows Enterprise.
+keywords: privacy, GDPR
+ms.localizationpriority: high
+ROBOTS: NOINDEX, NOFOLLOW
+ms.prod: w10
+ms.topic: article
+f1.keywords:
+- NOCSH
+ms.author: siosulli
+author: dansimp
+manager: dansimp
+audience: itpro
+ms.collection: 
+- GDPR
+- M365-security-compliance
+---
+
+# Data processor service for Windows Enterprise Overview 
+
+>[!NOTE]
+>This topic is intended for participants in the data processor service for Windows Enterprise preview program and requires acceptance of specific terms of use. To learn
+more about the program and agree to the terms of use, see [https://aka.ms/WindowsEnterprisePublicPreview](https://aka.ms/WindowsEnterprisePublicPreview).
+
+The privacy landscape keeps evolving, and with it, we make changes to our services to meet our customers’ needs. 
+The data processor service for Windows Enterprise empowers you to be in control of diagnostic data from Windows devices, and act as data controllers for that data, under the definition of the European Union General Data Protection Regulation (GDPR). 
+
+The data processor service for Windows Enterprise will serve as a foundation for other Microsoft services that use Windows diagnostic data. 
+
+The data processor service for Windows Enterprise offering enables you to store and manage your Windows diagnostic data in the cloud, on top of an end-to-end data platform designed and built with compliance in mind, to help you meet your compliance obligations. 
+Your data is routed and stored inside an enterprise compliance boundary, operating under a prescriptive and focused set of compliance requirements, in accordance with industry standards. 
+
+The data processor service for Windows Enterprise provides you with controls that help respond to delete data subject requests (DSRs) on diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for a specific Azure AD User ID. 
+Should you desire so, Microsoft will accommodate a data processor service for Windows Enterprise tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for diagnostic data, but still wish to remain an Azure customer. 
+
+>[!Note]
+>Tenant account closure will lead to the deletion of all data associated with that tenant. 
+
+## Deployment of data processor service for Windows Enterprise
+Use the instructions below to easily manage the data processor service for Windows Enterprise using a single setting, through Group Policy, or an MDM solution, in Windows 10, version 1809 or Windows Server 2019 and newer. 
+
+### Prerequisites 
+#### Versions supported 
+The data processor service for Windows Enterprise is currently supported on Windows 10, version 1809, and newer versions.
+
+#### Network requirements 
+The following endpoints need to be reachable from devices enrolled into the data processor service for Windows Enterprise:
+ 
+ login.live.com
+
+ cy2.vortex.data.microsoft.com.akadns.net 
+
+ v10.events.data.microsoft.com 
+
+ v10.vortex-win.data.microsoft.com/collect/v1 
+
+For additional information, see the “device authentication” and “diagnostic data” sections in the endpoint articles for each respective Windows version: 
+
+[Windows 10, version 1809 endpoints](./manage-windows-1809-endpoints.md)
+
+[Windows 10, version 1903 endpoints](./manage-windows-1903-endpoints.md)
+
+### Deploying data processor service for Windows Enterprise
+You can use either Group Policy or an MDM solution to deploy the data processor service for Windows Enterprise to your supported devices.
+
+In Group Policy, to enable data collection through the data processor service for Windows Enterprise, go to **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**. 
+
+If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
+
+To use an MDM solution, such as [Microsoft Intune](/intune/custom-settings-Windows-10), to deploy the data processor service for Windows Enterprise to your supported devices, use the following custom OMA-URI setting configuration:
+
+- **Name:** System/AllowCommercialDataPipeline 
+- **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline 
+- **Data type:** Integer 
+
+Under **Value**, use **1** to enable the service. 
+
+If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**. 
+
+>[!Note]
+>Data collected from a device, before it was enrolled into the data processor service for Windows Enterprise, will not be moved into the enterprise compliance boundary. 
+
+## Managing data processor service for Windows Enterprise 
+### Executing user-based data subject requests (DSRs) 
+To perform user-based DSRs, the data processor service for Windows Enterprise requires your organization to be reflected in Azure AD. 
+
+If your environment is cloud-only and managed in Azure, or all your devices are Azure AD joined - you don’t need to take any further action. 
+
+If your environment uses on-premises Active Directory to manage identities - Azure AD Connect synchronization is required, and your environment needs to be configured for hybrid Azure AD join. 
+To learn more, visit [How To: Plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan) and [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
+
+Once you have Azure AD join or hybrid Azure AD join in place, you can learn more about executing user-based DSRs, by visiting this [page](https://review.docs.microsoft.com/microsoft-365/compliance/gdpr-dsr-windows?branch=siosulli-wps&view=o365-worldwide).
+
+## Geo-location 
+Windows Diagnostic Data collected through the data processor service for Windows Enterprise is hosted in our datacenter in the United States.
\ No newline at end of file

From b60c53c79e1162fe17eb49cb21b2c7bf7adb6a47 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 14 Jun 2021 14:38:51 +0100
Subject: [PATCH 05/61] remove file v2

---
 .openpublishing.redirection.json              |  2 +-
 .../deploy-data-processor-service-windows.md  | 96 -------------------
 2 files changed, 1 insertion(+), 97 deletions(-)
 delete mode 100644 windows/privacy/deploy-data-processor-service-windows.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index cf0c97aa74..25a371ea28 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18922,7 +18922,7 @@
     },
     {
       "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
-      "redirect_url": "windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
       "redirect_document_id": false
     }    
 	    ]
diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md
deleted file mode 100644
index 01a6bbec79..0000000000
--- a/windows/privacy/deploy-data-processor-service-windows.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Technical Deployment of the data processor service for Windows Enterprise 
-description: Use this article to understand how to deploy and manage the data processor service for Windows Enterprise.
-keywords: privacy, GDPR
-ms.localizationpriority: high
-ROBOTS: NOINDEX, NOFOLLOW
-ms.prod: w10
-ms.topic: article
-f1.keywords:
-- NOCSH
-ms.author: siosulli
-author: dansimp
-manager: dansimp
-audience: itpro
-ms.collection: 
-- GDPR
-- M365-security-compliance
----
-
-# Data processor service for Windows Enterprise Overview 
-
->[!NOTE]
->This topic is intended for participants in the data processor service for Windows Enterprise preview program and requires acceptance of specific terms of use. To learn
-more about the program and agree to the terms of use, see [https://aka.ms/WindowsEnterprisePublicPreview](https://aka.ms/WindowsEnterprisePublicPreview).
-
-The privacy landscape keeps evolving, and with it, we make changes to our services to meet our customers’ needs. 
-The data processor service for Windows Enterprise empowers you to be in control of diagnostic data from Windows devices, and act as data controllers for that data, under the definition of the European Union General Data Protection Regulation (GDPR). 
-
-The data processor service for Windows Enterprise will serve as a foundation for other Microsoft services that use Windows diagnostic data. 
-
-The data processor service for Windows Enterprise offering enables you to store and manage your Windows diagnostic data in the cloud, on top of an end-to-end data platform designed and built with compliance in mind, to help you meet your compliance obligations. 
-Your data is routed and stored inside an enterprise compliance boundary, operating under a prescriptive and focused set of compliance requirements, in accordance with industry standards. 
-
-The data processor service for Windows Enterprise provides you with controls that help respond to delete data subject requests (DSRs) on diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for a specific Azure AD User ID. 
-Should you desire so, Microsoft will accommodate a data processor service for Windows Enterprise tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for diagnostic data, but still wish to remain an Azure customer. 
-
->[!Note]
->Tenant account closure will lead to the deletion of all data associated with that tenant. 
-
-## Deployment of data processor service for Windows Enterprise
-Use the instructions below to easily manage the data processor service for Windows Enterprise using a single setting, through Group Policy, or an MDM solution, in Windows 10, version 1809 or Windows Server 2019 and newer. 
-
-### Prerequisites 
-#### Versions supported 
-The data processor service for Windows Enterprise is currently supported on Windows 10, version 1809, and newer versions.
-
-#### Network requirements 
-The following endpoints need to be reachable from devices enrolled into the data processor service for Windows Enterprise:
- 
- login.live.com
-
- cy2.vortex.data.microsoft.com.akadns.net 
-
- v10.events.data.microsoft.com 
-
- v10.vortex-win.data.microsoft.com/collect/v1 
-
-For additional information, see the “device authentication” and “diagnostic data” sections in the endpoint articles for each respective Windows version: 
-
-[Windows 10, version 1809 endpoints](./manage-windows-1809-endpoints.md)
-
-[Windows 10, version 1903 endpoints](./manage-windows-1903-endpoints.md)
-
-### Deploying data processor service for Windows Enterprise
-You can use either Group Policy or an MDM solution to deploy the data processor service for Windows Enterprise to your supported devices.
-
-In Group Policy, to enable data collection through the data processor service for Windows Enterprise, go to **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**. 
-
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
-
-To use an MDM solution, such as [Microsoft Intune](/intune/custom-settings-Windows-10), to deploy the data processor service for Windows Enterprise to your supported devices, use the following custom OMA-URI setting configuration:
-
-- **Name:** System/AllowCommercialDataPipeline 
-- **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline 
-- **Data type:** Integer 
-
-Under **Value**, use **1** to enable the service. 
-
-If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**. 
-
->[!Note]
->Data collected from a device, before it was enrolled into the data processor service for Windows Enterprise, will not be moved into the enterprise compliance boundary. 
-
-## Managing data processor service for Windows Enterprise 
-### Executing user-based data subject requests (DSRs) 
-To perform user-based DSRs, the data processor service for Windows Enterprise requires your organization to be reflected in Azure AD. 
-
-If your environment is cloud-only and managed in Azure, or all your devices are Azure AD joined - you don’t need to take any further action. 
-
-If your environment uses on-premises Active Directory to manage identities - Azure AD Connect synchronization is required, and your environment needs to be configured for hybrid Azure AD join. 
-To learn more, visit [How To: Plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan) and [Azure AD Connect sync: Understand and customize synchronization](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
-
-Once you have Azure AD join or hybrid Azure AD join in place, you can learn more about executing user-based DSRs, by visiting this [page](https://review.docs.microsoft.com/microsoft-365/compliance/gdpr-dsr-windows?branch=siosulli-wps&view=o365-worldwide).
-
-## Geo-location 
-Windows Diagnostic Data collected through the data processor service for Windows Enterprise is hosted in our datacenter in the United States.
\ No newline at end of file

From 15a0beb8e5756f0faa8b3f0dffec0daeb27305ad Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 14 Jun 2021 14:43:27 +0100
Subject: [PATCH 06/61] remove public preview terms

---
 .openpublishing.redirection.json              |   7 +-
 ...windows-enterprise-public-preview-terms.md | 324 ------------------
 2 files changed, 6 insertions(+), 325 deletions(-)
 delete mode 100644 windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 25a371ea28..1434fdccf8 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18924,6 +18924,11 @@
       "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
       "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
       "redirect_document_id": false
-    }    
+    },
+    {
+      "source_path": "data-processor-service-for-windows-enterprise-public-preview-terms.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    } 
 	    ]
 }
diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
deleted file mode 100644
index 170bd2f449..0000000000
--- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
+++ /dev/null
@@ -1,324 +0,0 @@
----
-title: Data processor service for Windows Enterprise public preview terms 
-description: Use this article to understand Windows public preview terms of service.
-keywords: privacy, GDPR
-ms.localizationpriority: high
-ROBOTS: NOINDEX, NOFOLLOW
-ms.prod: w10
-ms.topic: article
-f1.keywords:
-- NOCSH
-ms.author: siosulli
-author: dansimp
-manager: dansimp
-audience: itpro
-ms.collection: 
-- GDPR
-- M365-security-compliance
----
-
-# Data processor service for Windows Enterprise public preview terms
-
-**These terms (“Terms”) must be read and accepted by a tenant admin with appropriate access rights and authority. By participating in this public preview, you: (a) agree to the following Terms, and (b) represent and warrant that you have such rights and authority.**
-
-These Terms govern your use of the preview described below (“**Preview**”). In order to access the Preview, you must be a current Microsoft Windows customer with an Azure Active Directory (“**AAD**”) subscription. The Preview consists of features and services that are in preview, beta, or other pre-release form for use with Windows and AAD.
-
- 1. **Definitions**. The following terms have the following meanings:
-
-    1. "**Customer Data**" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through your use of Windows or AAD.
-
-    2. "**Feedback**" means, collectively, suggestions, comments, feedback, ideas, or know-how, in any form, that you or your users provide to Microsoft about Microsoft’s business, products, or services.
-
-    3. "**Personal Data**" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
-    4. "**Preview Data**" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through use of the Services.
-
-    5. "**Subprocessor**" means other processors used by Microsoft to process Personal Data.
-
-2. **Scope of Services**. The Preview is for a service that enables organizations to become controllers of Windows diagnostic data on supported versions of Windows, with Microsoft operating as processor of the data (collectively, the “**_Services_**”). You will collaborate with Microsoft in order to provide Microsoft the ability to enable the Services for you. To access the Services, you will need to configure participating Windows devices; Microsoft will assist you in such configuration via documentation or other communications.
-
-3. **Intellectual Property**.
-
-    1. **License Grant**. During the term of this Preview (“**Term**”), Microsoft grants you and authorized users in your tenant for Windows a non-exclusive, non-transferable, non-sublicensable right and license to access and use the Services in accordance with these Terms.
-
-    2. **Use Terms**. These Terms supersede any Microsoft terms and conditions or other agreement. You acknowledge that (i) the Services may not work correctly or in the manner that a commercial service may function; Microsoft may change the Services for the final, commercial version or choose not to release a commercial version; (ii) Microsoft may not provide support for the Services; (iii) the Online Services Terms (OST), including any obligations Microsoft may have regarding Customer Data, do not apply to the Services or Preview Data; (iv) Microsoft has no obligation to hold, export, or return Preview Data, except as described in these Terms; (v) Microsoft has no liability for the deletion of Preview Data, except as described in these Terms; and (vi) you may lose access to the Services and Preview Data after the Term.
-
-    3. **Acceptable Use**.  Neither you, nor those that access the Services through you, may: (a) use the Services: (i) in a way prohibited by law, regulation, governmental order or decree; (ii) to violate the rights of others; (iii) to try to gain unauthorized access to or disrupt any service, device, data, account or network; (iv) to spam or distribute malware; or (v) in a way that could harm the Services or impair anyone else’s use of it; or (b) reverse engineer, decompile, disassemble, or work around any technical limitations in the Services, or use the Services to create a competing product. You are responsible for responding to any third-party request regarding your use of the Services or Preview Data, such as a request to take down Preview Data under the U.S. Digital Millennium Copyright Act or other applicable laws.
-
-    4. **Data Collection, Use and Location**. The Microsoft Privacy Statement https://privacy.microsoft.com/privacystatement applies to the collection, use and location of Preview Data. In the event of a conflict between Privacy Statement and the terms of these Terms, the terms of these Terms will control.
-
-4. **Confidentiality**. The following confidentiality terms apply to the Preview:
-
-    1. During the Term plus 5 years, the parties will hold in strictest confidence and not use or disclose to any third party any Confidential Information of the other party. “Confidential Information” means all non-public information a party designates in writing or orally as being confidential, or which under the circumstances of disclosure ought to be treated as confidential. Confidential Information includes information relating to: </br></br>
-        1. a party’s released or unreleased software or hardware products;</br></br>
-        2. a party’s source code;</br></br>
-        3. a party’s product marketing or promotion;</br></br>
-        4. a party’s business policies or practices;</br></br>
-        5. a party’s customers or suppliers;</br></br>
-        6. information received from others that a party must treat as confidential; and</br></br>
-        7. information provided, obtained, or created by a party under these Terms, including:
-            * information in reports; 
-            * the parties’ electronic or written correspondence, customer lists and customer information, regardless of source; 
-            * Personal Data; and 
-            * Transactional, sales, and marketing information. 
-
-    2. A party will consult with the other if it questions what comprises Confidential Information. Confidential Information excludes information (i) known to a party before the disclosing party’s disclosure to the receiving party, (ii) information publicly available through no fault of the receiving party, (iii) received from a third party without breach of an obligation owed to the disclosing party, or (iv) independently developed by a party without reference to or use of the disclosing party’s Confidential Information. 
-
-    3. Each party will employ security procedures to prevent disclosure of the other party’s Confidential Information to unauthorized third parties. The receiving party’s security procedures must include risk assessment and controls for:</br></br>
-        1. system access;</br></br>
-        2. system and application development and maintenance;</br></br>
-        3. change management;</br></br>
-        4. asset classification and control;</br></br>
-        5. incident response, physical and environmental security;</br></br>
-        6. disaster recovery/business continuity; and</br></br>
-        7. employee training.
-
-5. **Data Protection.**
-
-    **Generally**. To the extent Microsoft is a processor of Personal Data, the General Data Protection Regulation (GDPR) Terms in Attachment 1 govern that processing and the parties also agree to the following terms:
-
-    1. Processing Details:  The parties agree that: 
-        * The subject-matter of the processing is limited to Personal Data within the scope of the GDPR; 
-        * The duration of the processing shall be for the duration of your right to use the Services and until all Personal Data is deleted or returned in accordance with your instructions or these Terms; 
-        * The nature and purpose of the processing shall be to provide the Services pursuant to these Terms; 
-        * The types of Personal Data processed by the Services include those expressly identified in Article 4 of the GDPR to the extent included by Preview Data; and 
-        * The categories of data subjects are your representatives and end users, such as employees, contractors, collaborators, and customers. 
-
-    2. Data Transfers:  
-        * Preview Data and Personal Data that Microsoft processes on your behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Subprocessors operate. You appoint Microsoft to perform any such transfer of Preview Data and Personal Data to any such country and to store and process Preview Data and Personal Data to provide the Services.
-        * All transfers of Preview Data and Personal Data out of the European Union, European Economic Area, United Kingdom, and Switzerland to provide the Online Services shall be governed by the Standard Contractual Clauses in Attachment 2.
-        * Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR. 
-        * In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify you in the event that it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.  
-
-6. **No Support or Incident Response.** Microsoft will have no obligation under these Terms to correct any bugs, defects or errors in the Services or AAD, provide any updates, upgrades or new releases, or otherwise provide any technical support or maintenance for any Services or AAD. You will make reasonable efforts to promptly report to Microsoft any defects you find in the Services, as an aid to creating improved revisions of the Services. Microsoft will have no obligation under these Terms to provide you with incident response as part of the Services.
-
-7. **Term and Termination.** The term of the Preview begins when you accept these Terms and continues until: (a) either party terminates this Preview by providing the other party: (i) 2 days’ notice for any reason (or no reason), or (ii) notice of such party’s breach of these Terms and such party fails to cure within 15 days, or (b) upon the general availability of the Services. When the Term ends, you will no longer have access to the Services, and Microsoft will no longer have the rights to access Customer Data granted herein. Each party will, on request, return or destroy the other’s Confidential Information provided under the Preview.
-
-8. **Feedback.** Providing Feedback is voluntary. Microsoft is under no obligation to post or use any Feedback. By providing Feedback to Microsoft, you (and anyone providing Feedback through your use of the Preview) irrevocably and perpetually grant to Microsoft and its affiliates, under all of its (and their) owned or controlled intellectual property rights, a worldwide, non-exclusive, fully paid-up, royalty-free, transferable, sub-licensable right and license to make, use, reproduce, prepare derivative works based upon, distribute, publicly perform, publicly display, transmit, and otherwise commercialize the Feedback (including by combining or interfacing products, services or technologies that depend on or incorporate Feedback with other products, services or technologies of Microsoft or others), without attribution in any way and for any purpose. You warrant that (a) you will not provide Feedback that is subject to a license requiring Microsoft to license anything to third parties because Microsoft exercises any of the above rights in your Feedback; and (b) you own or otherwise control all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights).
-
-9. **Representations and Warranties; Limitation of Liability.** 
-
-    1. **By the Parties.**  Each party represents and warrants to the other party that (a) it has all necessary rights, title, and authority to enter into and perform under these Terms; (b) its performance under these Terms will not breach any agreement with a third party; and (c) it will comply with any and all laws, rules, and regulations that are applicable to its performance under these Terms.
-
-    2. **Disclaimer.**  EXCEPT AS OTHERWISE PROVIDED IN THESE TERMS AND TO THE EXTENT APPLICABLE LAW PERMITS, MICROSOFT (a) PROVIDES THE SERVICES AS-IS; (b) PROVIDES NO WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE; AND (c) DOES NOT GUARANTEE THAT THE SERVICES WILL BE AVAILABLE, UNINTERRUPTED, OR ERROR-FREE, OR THAT LOSS OF PREVIEW DATA WILL NOT OCCUR.
-
-    3. **Limitation of Liability.**  Except as otherwise described in this Section 9, the only remedy either party has for claims relating to these Terms or participation in the Preview is to terminate these Terms or your participation in the Preview. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES, INCLUDING DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOST REVENUE, LOST PROFIT, LOST BUSINESS INFORMATION, OR BUSINESS INTERRUPTION, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. The limitations in this Section 9 do not apply to claims arising from any breach of confidentiality obligations under Section 4.
-
-10. **General.** 
-
-    1. **Non-Exclusivity.** These Terms are nonexclusive. These Terms do not restrict either party from entering into the same or similar arrangement with any third party.
-
-    2. **Jurisdiction and Governing Law.** The laws of the State of Washington, excluding conflicts of law provisions, govern these Terms. If federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If no federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.
-
-    3. **Force Majeure.** A party will not be liable for failure to perform an obligation under these Terms to the extent that failure is due to a cause beyond that party’s reasonable control, including natural disaster, war, civil disturbance, or governmental action.
-
-    4. **Attorneys’ fees.** If a party employs attorneys to enforce any rights arising out of or relating to these Terms, the prevailing party will be entitled to recover its reasonable attorneys’ fees, costs, and other expenses.
-
-    5. **Assignment**. You may not assign these Terms or delegate any of your rights or obligations under these Terms to a third party without Microsoft’s prior written consent.
-
-    6. **Entire Agreement.** These Terms are the entire agreement between the parties regarding its subject matter and replaces all prior agreements, communications, and representations between the parties regarding its subject matter.
-
-    7. **Survival.** Sections 3.b, 4, 7 (with respect to post-termination obligations), and 8-10 will survive these Terms’ expiration or termination.</br></br>
-
-<p align="center">
-  <b>Attachment 1: GDPR Terms</b><br>
-
-For purposes of these GDPR Terms, you and Microsoft agree that you are the controller of Personal Data and Microsoft is the processor of such data, except when you act as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on your behalf. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to you in other agreement between Microsoft and you. These GDPR Terms do not apply where Microsoft is a controller of Personal Data. 
-
-**Relevant GDPR Obligations: Articles 28, 32, and 33**
-
-1. Microsoft shall not engage another processor without prior specific or your general written authorization. In the case of general written authorization, Microsoft shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes. (Article 28(2)) 
-2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Microsoft with regard to you. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and your obligations and rights are set forth in the Terms above, including these GDPR Terms. In particular, Microsoft shall:
-
-    1. process the Personal Data only on your documented instructions, including with  regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
-
-    2. ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
-
-    3. take all measures required pursuant to Article 32 of the GDPR;
-
-    4. respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;
-
-    5. taking into account the nature of the processing, assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
-
-    6. assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;
-
-    7. at your choice, delete or return all the Personal Data to you after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;
-
-    8. make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.
-
-    9. immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.  (Article 28(3)) 
-
-3. Where Microsoft engages another processor for carrying out specific processing activities on your behalf, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to you for the performance of that other processor's obligations. (Article 28(4)) 
-
-4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, you and Microsoft shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
-
-    1. the pseudonymisation and encryption of Personal Data;
-
-    2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
-
-    3. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
-
-    4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))
-
-5. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2)) 
-
-6. You and Microsoft shall take steps to ensure that any natural person acting under your authority or Microsoft’s who has access to Personal Data does not process them except on instructions from you, unless he or she is required to do so by Union or Member State law. (Article 32(4)) 
-
-7. Microsoft shall notify you without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft. 
-
-<p align="center">
-  <b>Attachment 2 – The Standard Contractual Clauses (Processors)</b><br>
-
-In countries where regulatory approval is required for use of the Standard Contractual Clauses, the Standard Contractual Clauses cannot be relied upon under European Commission 2010/87/EU (of February 2010) to legitimize export of data from the country, unless Customer has the required regulatory approval.
-Beginning May 25, 2018 and thereafter, references to various Articles from the Directive 95/46/EC in the Standard Contractual Clauses below will be treated as references to the relevant and appropriate Articles in the GDPR.
-For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, Customer (as data exporter) and Microsoft Corporation (as data importer, whose signature appears below), each a “party,” together “the parties,” have agreed on the following Contractual Clauses (the “Clauses” or “Standard Contractual Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
-
-**Clause 1: Definitions**
-
-1. 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; 
-1. 'the data exporter' means the controller who transfers the personal data; 
-1. 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; 
-1. 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract; 
-1. 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; 
-1. 'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. 
-
-**Clause 2: Details of the transfer**
-
-The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 below which forms an integral part of the Clauses.
-
-**Clause 3: Third-party beneficiary clause**
-
-1. The data subject can enforce against the data exporter this Clause, Clause 4(2) to (9), Clause 5(1) to (5), and (7) to (10), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary. 
-2.1.exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. 
-1. The data subject can enforce against the subprocessor this Clause, Clause 5(1) to (5) and (7), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 
-1. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law. 
-
-**Clause 4: Obligations of the data exporter**
-
-The data exporter agrees and warrants:
-
-1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; 
-1. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; 
-1. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 below; 
-1. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; 
-1. that it will ensure compliance with the security measures; 
-1. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; 
-1. to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(2) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; 
-1. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; 
-1. that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and 
-1. that it will ensure compliance with Clause 4(1) to (9).
-
-**Clause 5: Obligations of the data importer**
-
-The data importer agrees and warrants: 
-
-1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; 
-1. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; 
-1. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; 
-1. that it will promptly notify the data exporter about: 
-    1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, 
-    1. any accidental or unauthorised access, and 
-    1. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so; 
-1. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; 
-1. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; 
-1. to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; 
-1. that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; 
-1. that the processing services by the subprocessor will be carried out in accordance with Clause 11; and
-1. to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
-
-**Clause 6: Liability**
-
-1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered. 
-1. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. 
-The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities. 
-1. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses. 
-
-**Clause 7: Mediation and jurisdiction**
-
-1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: 
-    1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; 
-    1. to refer the dispute to the courts in the Member State in which the data exporter is established. 
-1. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law. 
-
-**Clause 8: Cooperation with supervisory authorities**
-
-1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law. 
-1. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law. 
-1. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (2). 
-
-**Clause 9: Governing Law**
-
-The Clauses shall be governed by the law of the Member State in which the data exporter is established. 
-
-**Clause 10: Variation of the contract**
-
-The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause. 
-
-**Clause 11: Subprocessing**
-
-1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement. 
-1. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 
-1. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established. 
-1. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority. 
-
-**Clause 12: Obligation after the termination of personal data processing services**
-
-1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore. 
-1. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
-
-**Appendix 1 to the Standard Contractual Clauses**
-
-**Data exporter**: Customer is the data exporter. The data exporter is a user of the Services.
-
-**Data importer**: The data importer is MICROSOFT CORPORATION, a global producer of software and services.
-
-**Data subjects**: Data subjects include the data exporter’s representatives and end-users including employees, contractors, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by data importer. Microsoft acknowledges that, depending on Customer’s use of the Services, Customer may elect to include personal data from any of the following types of data subjects in the personal data:
-
-* Employees, contractors and temporary workers (current, former, prospective) of data exporter;
-* Dependents of the above;
-* Data exporter's collaborators/contact persons (natural persons) or employees, contractors or temporary workers of legal entity collaborators/contact persons (current, prospective, former);
-* Users (e.g., customers, clients, patients, visitors, etc.) and other data subjects that are users of data exporter's services;
-* Partners, stakeholders or individuals who actively collaborate, communicate or otherwise interact with employees of the data exporter and/or use communication tools such as apps and websites provided by the data exporter;
-* Stakeholders or individuals who passively interact with data exporter (e.g., because they are the subject of an investigation, research or mentioned in documents or correspondence from or to the data exporter);
-* Minors; or
-* Professionals with professional privilege (e.g., doctors, lawyers, notaries, religious workers, etc.).
-
-**Categories of data**: The personal data transferred that is included in data processed by the Services.  Microsoft acknowledges that, depending on Customer’s use of the Services, Customer may elect to include personal data from any of the following categories in the personal data:
-
-* Basic personal data (for example place of birth, street name and house number (address), postal code, city of residence, country of residence, mobile phone number, first name, last name, initials, email address, gender, date of birth), including basic personal data about family members and children;
-* Authentication data (for example user name, password or PIN code, security question, audit trail);
-* Contact information (for example addresses, email, phone numbers, social media identifiers; emergency contact details);
-* Unique identification numbers and signatures (for example Social Security number, bank account number, passport and ID card number, driver's license number and vehicle registration data, IP addresses, employee number, student number, patient number, signature, unique identifier in tracking cookies or similar technology);
-* Pseudonymous identifiers; 
-* Financial and insurance information (for example insurance number, bank account name and number, credit card name and number, invoice number, income, type of assurance, payment behavior, creditworthiness);
-* Commercial Information (for example history of purchases, special offers, subscription information, payment history);
-* Biometric Information (for example DNA, fingerprints and iris scans); 
-* Location data (for example, Cell ID, geo-location network data, location by start call/end of the call. Location data derived from use of wifi access points);
-* Photos, video and audio;
-* Internet activity (for example browsing history, search history, reading, television viewing, radio listening activities);
-* Device identification (for example IMEI-number, SIM card number, MAC address);
-* Profiling (for example based on observed criminal or anti-social behavior or pseudonymous profiles based on visited URLs, click streams, browsing logs, IP-addresses, domains, apps installed, or profiles based on marketing preferences);
-* HR and recruitment data (for example declaration of employment status, recruitment information (such as curriculum vitae, employment history, education history details), job and position data, including worked hours, assessments and salary, work permit details, availability, terms of employment, tax details, payment details, insurance details and location and organizations);
-* Education data (for example education history, current education, grades and results, highest degree achieved, learning disability);
-* Citizenship and residency information (for example citizenship, naturalization status, marital status, nationality, immigration status, passport data, details of residency or work permit); 
-* Information processed for the performance of a task carried out in the public interest or in the exercise of an official authority; 
-* Special categories of data (for example racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, or data relating to criminal convictions or offences); or
-* Any other personal data identified in Article 4 of the GDPR.
-
-**Processing operations**: The personal data transferred will be subject to the following basic processing activities:
-
-1. **Duration and Object of Data Processing**. The duration of data processing shall be for the term of the Preview. The objective of the data processing is the performance of the Services. 
-1. **Scope and Purpose of Data Processing**. The scope and purpose of processing personal data is described in Section 5 of this agreement. The data importer operates a global network of data centers and management/support facilities, and processing may take place in any jurisdiction where data importer or its sub-processors operate such facilities. 
-1. **Customer Data and Personal Data Access**. For the term designated under the applicable volume licensing agreement data importer will at its election and as necessary under applicable law implementing Article 12(b) of the EU Data Protection Directive, either: (1) provide data exporter with the ability to correct, delete, or block Customer Data and personal data, or (2) make such corrections, deletions, or blockages on its behalf. 
-1. **Data Exporter’s Instructions**. For Online Services and Professional Services, data importer will only act upon data exporter’s instructions as conveyed by Microsoft. 
-1. **Preview Data and Personal Data Deletion or Return**. Upon expiration or termination of data exporter’s use of the Services, it may extract Customer Data and personal data and data importer will delete Customer Data and personal data, each in accordance with the terms of this agreement. 
-
-**Subcontractors**: In accordance with the DPA, the data importer may hire other companies to provide limited services on data importer’s behalf, such as providing customer support. Any such subcontractors will be permitted to obtain Customer Data and personal data only to deliver the services the data importer has retained them to provide, and they are prohibited from using Customer Data and personal data for any other purpose.
-
-**Appendix 2 to the Standard Contractual Clauses**
-
-Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(4) and 5(3):
-
-1. **Personnel**. Data importer’s personnel will not process Preview Data or personal data without authorization. Personnel are obligated to maintain the confidentiality of any such Preview Data and personal data and this obligation continues even after their engagement ends. 
-2. **Data Privacy Contact**. The data privacy officer of the data importer can be reached at the following address: </br>Microsoft Corporation </br>Attn: Chief Privacy Officer</br>1 Microsoft Way</br>Redmond, WA 98052 USA
-3. **Technical and Organization Measures**. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect Preview Data and personal data, as defined in Attachment 1 of this agreement, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in Attachment 1 of this agreement are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety.

From f00f9cc588b3790c897144e27cd5ea9c520ab2c2 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 14 Jun 2021 14:49:36 +0100
Subject: [PATCH 07/61] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 1434fdccf8..445d23b7ea 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18926,7 +18926,7 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "data-processor-service-for-windows-enterprise-public-preview-terms.md",
+      "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md",
       "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
       "redirect_document_id": false
     } 

From c307294265b743b49e0b295603929e96a82149ac Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 17 Jun 2021 13:29:36 +0100
Subject: [PATCH 08/61] Update policy-csp-system.md

---
 .../client-management/mdm/policy-csp-system.md    | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 4d1e1393b7..536bae0e06 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -215,13 +215,20 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting opts the device into the Windows enterprise data pipeline. 
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
 
-If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
+To enable this behavior, you must complete two steps:
 
-If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
+-   Enable this policy setting
+-   Join an Azure Active Directory account to the device
 
-Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
+Windows diagnostic data is collected when the **AllowTelemetry** policy setting is set to 1 – Required (Basic) or above.
+
+If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing”.
+
+Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
+
+See the documentation at https://aka.ms/ConfigureWWD for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 
 <!--/Description-->
 <!--ADMXMapped-->

From 3017e669b01e2b77df0bfcf621039734caacc8d3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 14:25:35 +0100
Subject: [PATCH 09/61] minor updates for DPSW

---
 .../changes-to-windows-diagnostic-data-collection.md      | 1 +
 ...figure-windows-diagnostic-data-in-your-organization.md | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 113c415e29..38c0dfcce4 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -87,6 +87,7 @@ With the Enhanced diagnostic data level being split out into new policies, we're
 Customers who use services that depend on Windows diagnostic data, such as Microsoft Managed Desktop or Desktop Analytics, may be impacted by the behavioral changes when they are released. These services will be updated to address these changes and guidance will be published on how to configure them properly.
 
 The following provides information on the current configurations:
+
 - [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data)
 - [Desktop Analytics](/mem/configmgr/desktop-analytics/overview)
 
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index b3cf4f88b5..2e8b46a246 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -66,7 +66,7 @@ Depending on the diagnostic data settings on the device, diagnostic data can be
 
  - Small payloads of structured information referred to as diagnostic data events, managed by the Connected User Experiences and Telemetry component.
  
- - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component. 
+ - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component.
  
  - Crash reporting and crash dumps, managed by [Windows Error Reporting](/windows/win32/wer/windows-error-reporting).
 
@@ -120,7 +120,7 @@ Here’s a summary of the types of data that is included with each setting:
 
 This setting was previously labeled as **Security**. When you configure this setting, no Windows diagnostic data is sent from your device. This is only available on Windows Server, Windows 10 Enterprise, and Windows 10 Education. If you choose this setting, devices in your organization will still be secure.
 
->[!NOTE] 
+>[!NOTE]
 > If your organization relies on Windows Update, the minimum recommended setting is **Required diagnostic data**. Because no Windows Update information is collected when diagnostic data is off, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
 
 ### Required diagnostic data
@@ -247,7 +247,9 @@ Use the instructions below to enable Windows diagnostic data processor configura
 
 In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**.
 
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**. To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
+If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
+
+To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
 
  - **Name:** System/AllowCommercialDataPipeline
  - **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline

From c6737199096ae32a6330abd04fc33755935886f0 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 14:48:37 +0100
Subject: [PATCH 10/61] Update
 configure-windows-diagnostic-data-in-your-organization.md

---
 ...configure-windows-diagnostic-data-in-your-organization.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 2e8b46a246..033030780e 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -231,7 +231,8 @@ The Windows diagnostic data processor configuration enables you to be the contro
 
 ### Prerequisites
 
-The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer. The device must also be joined to Azure Active Directory. 
+- The device must have Windows 10 Pro, Education or Enterprise edition, version 1809 with July 2021 update or newer.
+- The device must be joined to Azure Active Directory.
 
 The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
 
@@ -257,7 +258,7 @@ To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/cus
 
 Under **Value**, use **1** to enable the service.
 
-If you wish to disable, at any time, switch the same setting to **0** to disable. The default is **0**.
+If you wish to disable, at any time, switch the same setting to **0**. The default value is **0**.
 
 >[!Note]
 > - If you have any additional policies that also enable you to be a controller of Windows diagnostic data, such as the services listed below, you will need to turn off all the applicable policies in order to stop being a controller for Windows diagnostic data.

From c0911676bac82fb37ecce47c5823569b32c55e53 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 15:52:14 +0100
Subject: [PATCH 11/61] minor dpsw updates_2

---
 .../changes-to-windows-diagnostic-data-collection.md     | 2 +-
 windows/privacy/windows-10-and-privacy-compliance.md     | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 38c0dfcce4..814dedb66d 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
 
 Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
 
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index e5ce1e7e04..c6fade565c 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -65,7 +65,7 @@ The following table provides an overview of the Windows 10 privacy settings pres
 An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
 
 > [!Note]
-> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject request to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
+> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
 
 ## 2. Windows 10 data collection management
 
@@ -82,14 +82,14 @@ Administrators can configure and control privacy settings across their organizat
 The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
 
 > [!NOTE]
-> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. For more information, see [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | 
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -108,7 +108,8 @@ If you want the ability to fully control and apply restrictions on data being se
 
 Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.
 
-You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10: 
+You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows 10:
+
 - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
 - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
 

From 81271f6350475aad223a2ae910817091c42bda69 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 16:00:25 +0100
Subject: [PATCH 12/61] Update changes-to-windows-diagnostic-data-collection.md

---
 .../privacy/changes-to-windows-diagnostic-data-collection.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 814dedb66d..6d5194e8c5 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
 
 Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
 
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization)
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization.md)

From ebdaba2b58dc25fc7c53b0af93826d17717fe56f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 16:20:19 +0100
Subject: [PATCH 13/61] minor_update

---
 .../changes-to-windows-diagnostic-data-collection.md       | 2 +-
 windows/privacy/windows-10-and-privacy-compliance.md       | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 6d5194e8c5..f582ab8f63 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -102,4 +102,4 @@ Previously, enterprise customers had two options in managing their Windows diagn
 
 Now, customers will have a third option that allows them to be the controller for their Windows diagnostic data, while still benefiting from the purposes that this data serves, such as quality of updates and device drivers. Under this approach, Microsoft will act as a data [processor](/compliance/regulatory/gdpr#terminology), processing Windows diagnostic data on behalf of the controller.
 
-This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [configure-windows-diagnostic-data-in-your-organization](configure-windows-diagnostic-data-in-your-organization.md)
+This new option will enable customers to use familiar tools to manage, export, or delete data to help them meet their compliance obligations. For example, using the Microsoft Azure portal, customers will have the means to respond to their own users’ requests, such as delete and export diagnostic data. Admins can easily enable the Windows diagnostic data processor configuration for Windows devices using group policy or mobile device management ([MDM](/windows/client-management/mdm/policy-csp-system)). For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index c6fade565c..7a44461fae 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -131,9 +131,10 @@ For more information, see [Manage connections from Windows operating system comp
 
 #### _2.3.4 Limited functionality baseline_
 
-An organization may want to further minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
+An organization may want to minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
 
 >[!IMPORTANT]
+
 > - We recommend that you fully test any modifications to these settings before deploying them in your organization.
 > - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying to ensure the Windows diagnostic setting is not turned off.
 
@@ -160,14 +161,14 @@ An administrator can disable a user’s ability to delete their device’s diagn
 
 - Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
 
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
 
 The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
 
 We recommend that IT administrators who have enabled the Windows diagnostic data processor configuration consider the following:
 
 - Restrict user’s ability to sign-in with a Microsoft Account (MSA) using [Block Microsoft account group policy](/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts).
-- Restrict user’s ability to submit feedback, as any feedback or additional logs submitted by the user are not managed by the Windows diagnostic data processor configuration option. The Feedback hub app can be removed using [PowerShell](/powershell/module/appx/remove-appxpackage) and block ability to submit feedback in Microsoft Edge using [Feedback group policy](/deployedge/microsoft-edge-policies#userfeedbackallowed).
+- Restrict user’s ability to submit feedback, as any feedback or additional logs submitted by the user are not managed by the Windows diagnostic data processor configuration option. The Feedback hub app can be removed using [PowerShell](/powershell/module/appx/remove-appxpackage) and you can block the ability to submit feedback in Microsoft Edge using [Feedback group policy](/deployedge/microsoft-edge-policies#userfeedbackallowed).
 
 >[!Note]
 >Tenant account closure will lead to the deletion of all data associated with that tenant.

From 0e3e9a00129c3a331ec248982607271001cc853a Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 18 Jun 2021 16:34:21 +0100
Subject: [PATCH 14/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 7a44461fae..9d66846576 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -89,7 +89,7 @@ The following table provides an overview of the privacy settings discussed earli
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />Note: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | 
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 

From c24b0d494a1fd3bc184899a90c17e7538289ba6e Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 12:40:01 +0100
Subject: [PATCH 15/61] Update policy-csp-system.md

---
 .../mdm/policy-csp-system.md                  | 89 ++++++++++++++++++-
 1 file changed, 85 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 536bae0e06..36cad84743 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -28,6 +28,9 @@ manager: dansimp
   <dd>
     <a href="#system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a>
   </dd>
+  <dd>
+    <a href="#system-allowdesktopanalyticsprocessing">System/AllowDesktopAnalyticsProcessing </a>
+  </dd>
   <dd>
     <a href="#system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
   </dd>
@@ -43,6 +46,9 @@ manager: dansimp
   <dd>
     <a href="#system-allowlocation">System/AllowLocation</a>
   </dd>
+  <dd>
+    <a href="#system-allowmicrosoftmanageddesktopprocessing">System/AllowMicrosoftManagedDesktopProcessing</a>
+  </dd>
   <dd>
     <a href="#system-allowstoragecard">System/AllowStorageCard</a>
   </dd>
@@ -55,6 +61,9 @@ manager: dansimp
   <dd>
     <a href="#system-allowusertoresetphone">System/AllowUserToResetPhone</a>
   </dd>
+ <dd>
+    <a href="#system-allowwufbcloudprocessing">System/AllowWuFBCloudProcessing</a>
+  </dd>
   <dd>
     <a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
   </dd>
@@ -224,7 +233,7 @@ To enable this behavior, you must complete two steps:
 
 Windows diagnostic data is collected when the **AllowTelemetry** policy setting is set to 1 – Required (Basic) or above.
 
-If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing”.
+If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
 
 Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
 
@@ -257,6 +266,28 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="system-allowdesktopanalyticsprocessing"></a>**System/AllowDesktopAnalyticsProcessing**  
+
+<!--/Scope-->
+<!--Description-->
+
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms.
+
+To enable this behavior, you must complete three steps:
+
+-   Enable this policy setting
+-   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+
+This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices will not appear in Desktop Analytics.
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**  
 
@@ -609,6 +640,27 @@ The following list shows the supported values:
 <!--/Policy-->
 <hr/>
 
+<!--Policy-->
+<a href="" id="system-allowmicrosoftmanageddesktopprocessing"></a>**System/AllowMicrosoftManagedDesktopProcessing**
+
+<!--/Scope-->
+<!--Description-->
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
+
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](privacy-personal-data.md).
+
+This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
+
+>[!IMPORTANT]
+
+> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices. 
+
+<hr/>
 <!--Policy-->
 <a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
 
@@ -845,11 +897,18 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Allows IT admins to enable diagnostic data from this device to be processed by Update Compliance.  
 
-If you enable this setting, it enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
 
-If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Update Compliance.
+To enable this behavior, you must complete three steps:
+
+-   Enable this policy setting
+-   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Set the Configure the Commercial ID setting for your Update Compliance workspace
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices will not appear in Update Compliance.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -932,6 +991,28 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="system-allowwufbcloudprocessing"></a>**System/AllowWuFBCloudProcessing**
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms. 
+
+To enable this behavior, you must complete three steps:
+
+-   Enable this policy setting
+-   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Join an Azure Active Directory account to the device
+
+When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+
+If you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features.
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**  
 

From 353358e8173321373e87b61fe44c76e11d657b1c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 12:46:24 +0100
Subject: [PATCH 16/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 36cad84743..c19189a66c 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -648,7 +648,7 @@ The following list shows the supported values:
 
 This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
 
-For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](privacy-personal-data.md).
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
 
 This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
 

From b235ebe8c8421df84a90173b6556e35becf7b33b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 14:45:26 +0100
Subject: [PATCH 17/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index c19189a66c..149be2e826 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -277,7 +277,7 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
 To enable this behavior, you must complete three steps:
 
 -   Enable this policy setting
--   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Set **AllowTelemetry** to 1 – Required (Basic) or above
 -   Set the Configure the Commercial ID setting for your Desktop Analytics workspace
 
 This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
@@ -903,7 +903,7 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
 To enable this behavior, you must complete three steps:
 
 -   Enable this policy setting
--   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
 -   Set the Configure the Commercial ID setting for your Update Compliance workspace
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
@@ -1004,7 +1004,7 @@ This policy setting configures an Azure Active Directory joined device so that M
 To enable this behavior, you must complete three steps:
 
 -   Enable this policy setting
--   Set **AllowTelemetry** to 1 – Required (Basic) or above 1
+-   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
 -   Join an Azure Active Directory account to the device
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.

From d074ecb059aba5a483754965a3fb9c7f097b8813 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:16:33 +0100
Subject: [PATCH 18/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 149be2e826..b879108731 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -231,13 +231,13 @@ To enable this behavior, you must complete two steps:
 -   Enable this policy setting
 -   Join an Azure Active Directory account to the device
 
-Windows diagnostic data is collected when the **AllowTelemetry** policy setting is set to 1 – Required (Basic) or above.
+Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
 
-If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
+If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
 
 Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
 
-See the documentation at https://aka.ms/ConfigureWWD for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
+See the documentation at [ConfigureWWD](https://aka.ms/ConfigureWWD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -277,7 +277,7 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
 To enable this behavior, you must complete three steps:
 
 -   Enable this policy setting
--   Set **AllowTelemetry** to 1 – Required (Basic) or above
+-   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
 -   Set the Configure the Commercial ID setting for your Desktop Analytics workspace
 
 This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
@@ -1764,8 +1764,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting, in combination with the System/AllowTelemetry 
- policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
+This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
 To enable this behavior, you must complete two steps:
 
@@ -1777,7 +1776,7 @@ To enable this behavior, you must complete two steps:
  
 When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: <a href="/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields" data-raw-source="[Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)">Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics</a>.
  
-Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
+Enabling enhanced diagnostic data in the Allow Telemetry  policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft.
    
 If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 

From fbd691a0183bb23582c11491bef1c242689c1d6b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:27:11 +0100
Subject: [PATCH 19/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index b879108731..7336fae115 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -272,7 +272,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 
-This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms.
 
 To enable this behavior, you must complete three steps:
 
@@ -898,7 +898,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
 
 To enable this behavior, you must complete three steps:
 

From f18c6b40cad1b33dc34ec88253677dfe4068bcb5 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:35:32 +0100
Subject: [PATCH 20/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 7336fae115..68a2c05711 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -657,10 +657,10 @@ When these policies are configured, Windows diagnostic data collected from the d
 If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 
 >[!IMPORTANT]
-
-> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices. 
+> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
 
 <hr/>
+
 <!--Policy-->
 <a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
 

From 21f573f0e47e9e85938b128248927a49f433b529 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:40:42 +0100
Subject: [PATCH 21/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 68a2c05711..766e283570 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -56,7 +56,7 @@ manager: dansimp
     <a href="#system-allowtelemetry">System/AllowTelemetry</a>
   </dd>
   <dd>
-    <a href="#system-allowUpdateComplianceProcessing">System/AllowUpdateComplianceProcessing</a>
+    <a href="#system-allowupdatecomplianceprocessing">System/AllowUpdateComplianceProcessing</a>
   </dd>
   <dd>
     <a href="#system-allowusertoresetphone">System/AllowUserToResetPhone</a>
@@ -801,7 +801,8 @@ The following list shows the supported values for Windows 8.1:
 In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft.
 
 The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
--   0 – **Off (Security)** This turns Windows diagnostic data off.  
+
+-   0 – **Off (Security)** This turns Windows diagnostic data off.
     **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
 -   1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
 -   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.  
@@ -854,7 +855,7 @@ ADMX Info:
 <hr/>
 
 <!--Policy-->
-<a href="" id="system-allowUpdateComplianceProcessing"></a>**System/AllowUpdateComplianceProcessing**  
+<a href="" id="system-allowupdatecomplianceprocessing"></a>**System/AllowUpdateComplianceProcessing**  
 
 <!--SupportedSKUs-->
 <table>

From cbad357f3183fc6e0ddb449aba1b72f50c11a548 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:40:52 +0100
Subject: [PATCH 22/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 766e283570..6443af10bb 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -657,6 +657,7 @@ When these policies are configured, Windows diagnostic data collected from the d
 If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 
 >[!IMPORTANT]
+
 > You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
 
 <hr/>

From 92a5cbe7b46044ad7c91c55d4f7de5a46bd74fec Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:43:33 +0100
Subject: [PATCH 23/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 6443af10bb..766e283570 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -657,7 +657,6 @@ When these policies are configured, Windows diagnostic data collected from the d
 If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 
 >[!IMPORTANT]
-
 > You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
 
 <hr/>

From 6490ee28f6d7c7c4d1a202416f8a4b44e3cc887e Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:47:56 +0100
Subject: [PATCH 24/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 766e283570..71b47496b8 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -657,8 +657,8 @@ When these policies are configured, Windows diagnostic data collected from the d
 If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 
 >[!IMPORTANT]
-> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
 
+> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
 <hr/>
 
 <!--Policy-->

From 0f75888d9b2259f5e0de1dc080ba46e15b6ff8a5 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:52:05 +0100
Subject: [PATCH 25/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 71b47496b8..766e283570 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -657,8 +657,8 @@ When these policies are configured, Windows diagnostic data collected from the d
 If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 
 >[!IMPORTANT]
-
 > You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices.
+
 <hr/>
 
 <!--Policy-->

From 26809832d8713b27cfbff76bbec99d77a988873f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 16:58:23 +0100
Subject: [PATCH 26/61] Update policy-csp-system.md

---
 .../mdm/policy-csp-system.md                  | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 766e283570..74b876af4f 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -228,8 +228,8 @@ This policy setting configures an Azure Active Directory joined device so that M
 
 To enable this behavior, you must complete two steps:
 
--   Enable this policy setting
--   Join an Azure Active Directory account to the device
+ 1. Enable this policy setting
+ 2. Join an Azure Active Directory account to the device
 
 Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above.
 
@@ -276,9 +276,9 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
 
 To enable this behavior, you must complete three steps:
 
--   Enable this policy setting
--   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
--   Set the Configure the Commercial ID setting for your Desktop Analytics workspace
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace
 
 This setting has no effect on devices unless they are properly enrolled in Desktop Analytics.
 
@@ -903,9 +903,9 @@ This policy setting, in combination with the Allow Telemetry and Configure the C
 
 To enable this behavior, you must complete three steps:
 
--   Enable this policy setting
--   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
--   Set the Configure the Commercial ID setting for your Update Compliance workspace
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Set the Configure the Commercial ID setting for your Update Compliance workspace
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 
@@ -1004,9 +1004,9 @@ This policy setting configures an Azure Active Directory joined device so that M
 
 To enable this behavior, you must complete three steps:
 
--   Enable this policy setting
--   Set **AllowTelemetry** to 1 – **Required (Basic)** or above
--   Join an Azure Active Directory account to the device
+ 1. Enable this policy setting
+ 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above
+ 3. Join an Azure Active Directory account to the device
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 
@@ -1769,8 +1769,8 @@ This policy setting, in combination with the Allow Telemetry policy setting, ena
  
 To enable this behavior, you must complete two steps:
 
--   Enable this policy setting
--   Set the **AllowTelemetry** level:
+ 1. Enable this policy setting
+ 2. Set the **AllowTelemetry** level:
     - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. (**Note**: **Enhanced** is no longer an option for Windows Holographic, version 21H1)
     - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
 

From ff1f1a9d6aad7464fa236d97408e0830397b2f7b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 17:30:23 +0100
Subject: [PATCH 27/61] dpsw updates

---
 windows/client-management/mdm/policy-csp-system.md |  2 +-
 ...windows-diagnostic-data-in-your-organization.md | 14 +++++++-------
 .../privacy/windows-10-and-privacy-compliance.md   |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 74b876af4f..2c16e189c8 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -648,7 +648,7 @@ The following list shows the supported values:
 
 This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
 
-For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
 
 This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
 
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 033030780e..e1399e402a 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -271,22 +271,22 @@ For information on these services and how to configure the group policies, refer
 
 Desktop Analytics:
 
-- [Enable data sharing - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/enable-data-sharing)
-- [Desktop Analytics data privacy - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/privacy)
-- [Group policy settings - Configuration Manager | Microsoft Docs](/mem/configmgr/desktop-analytics/group-policy-settings)
+- [Enable data sharing](/mem/configmgr/desktop-analytics/enable-data-sharing)
+- [Desktop Analytics data privacy](/mem/configmgr/desktop-analytics/privacy)
+- [Group policy settings](/mem/configmgr/desktop-analytics/group-policy-settings)
 
 Update Compliance:
 
-- [Privacy in Update Compliance - Windows Deployment | Microsoft Docs](/windows/deployment/update/update-compliance-privacy)
-- [Manually configuring devices for Update Compliance - Windows Deployment | Microsoft Docs](/windows/deployment/update/update-compliance-configuration-manual#required-policies)
+- [Privacy in Update Compliance](/windows/deployment/update/update-compliance-privacy)
+- [Manually configuring devices for Update Compliance](/windows/deployment/update/update-compliance-configuration-manual#required-policies)
 
 Microsoft Managed Desktop:
 
-- [Privacy and personal data - Microsoft Managed Desktop | Microsoft Docs](/microsoft-365/managed-desktop/service-description/privacy-personal-data)
+- [Privacy and personal data - Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/privacy-personal-data)
 
 Windows Update for Business:
 
-- [Windows Update for Business deployment service - Windows Deployment | Microsoft Docs](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
+- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
 
 ## Limit optional diagnostic data for Desktop Analytics
 
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 9d66846576..b75beff331 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -175,7 +175,7 @@ We recommend that IT administrators who have enabled the Windows diagnostic data
 
 Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Desktop Analytics, and Microsoft Managed Devices. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations).
 
-For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation - Microsoft GDPR | Microsoft Docs](/compliance/regulatory/gdpr).
+For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr).
 
 ## 3. The process for exercising data subject rights
 

From 0a665b0078552a7d72dfd7b721edbc5700c5fde4 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 17:40:57 +0100
Subject: [PATCH 28/61] dpsw updates

---
 windows/client-management/mdm/policy-csp-system.md        | 2 +-
 ...figure-windows-diagnostic-data-in-your-organization.md | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 2c16e189c8..934e125625 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -648,7 +648,7 @@ The following list shows the supported values:
 
 This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data.
 
-For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data - Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
+For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data.md).
 
 This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop.
 
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index e1399e402a..25b389048a 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -271,9 +271,9 @@ For information on these services and how to configure the group policies, refer
 
 Desktop Analytics:
 
-- [Enable data sharing](/mem/configmgr/desktop-analytics/enable-data-sharing)
+- [Enable data sharing for Desktop Analytics](/mem/configmgr/desktop-analytics/enable-data-sharing)
 - [Desktop Analytics data privacy](/mem/configmgr/desktop-analytics/privacy)
-- [Group policy settings](/mem/configmgr/desktop-analytics/group-policy-settings)
+- [Group policy settings for Desktop Analytics](/mem/configmgr/desktop-analytics/group-policy-settings)
 
 Update Compliance:
 
@@ -282,11 +282,11 @@ Update Compliance:
 
 Microsoft Managed Desktop:
 
-- [Privacy and personal data - Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/privacy-personal-data)
+- [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data)
 
 Windows Update for Business:
 
-- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
+- [How to enable deployment protections](/windows/deployment/update/deployment-service-overview#how-to-enable-deployment-protections)
 
 ## Limit optional diagnostic data for Desktop Analytics
 

From 1f63e30538e368bba8f7804d7d131e3d0d940f8d Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 21 Jun 2021 17:53:58 +0100
Subject: [PATCH 29/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 934e125625..641739b466 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -237,7 +237,7 @@ If you disable or do not configure this setting, Microsoft will be the controlle
 
 Configuring this setting does not change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
 
-See the documentation at [ConfigureWWD](https://aka.ms/ConfigureWWD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
+See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 
 <!--/Description-->
 <!--ADMXMapped-->

From 665bbb05d938f640924b6f83e18e5dbc65f781f7 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Tue, 22 Jun 2021 16:03:34 +0100
Subject: [PATCH 30/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 641739b466..276a6d4d84 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -286,6 +286,14 @@ When these policies are configured, Windows diagnostic data collected from the d
 
 If you disable or do not configure this policy setting, devices will not appear in Desktop Analytics.
 
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   2 – Allowed.
+
+
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->

From b915fcd508c19e17ede088707e2fff4770a5c2ef Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 24 Jun 2021 10:55:29 +0100
Subject: [PATCH 31/61] Update policy-csp-system.md

---
 .../mdm/policy-csp-system.md                  | 96 -------------------
 1 file changed, 96 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 276a6d4d84..5437a4ae9e 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -125,10 +125,6 @@ manager: dansimp
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -197,10 +193,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
@@ -313,10 +305,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
@@ -386,10 +374,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -446,10 +430,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -511,10 +491,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
@@ -590,10 +566,6 @@ To verify if System/AllowFontProviders is set to true:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -686,10 +658,6 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -746,10 +714,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -879,10 +843,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
@@ -957,10 +917,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -1039,10 +995,6 @@ If you disable or do not configure this policy setting, devices enrolled to the
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -1115,10 +1067,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
@@ -1189,10 +1137,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
@@ -1256,10 +1200,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
@@ -1328,10 +1268,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
@@ -1399,10 +1335,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
@@ -1470,10 +1402,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
@@ -1530,10 +1458,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
@@ -1612,10 +1536,6 @@ To validate on Desktop, do the following:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -1688,10 +1608,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
@@ -1746,10 +1662,6 @@ The following list shows the supported values:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
@@ -1820,10 +1732,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
@@ -1882,10 +1790,6 @@ ADMX Info:
     <td>Pro</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 </tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
-</tr>
 <tr>
     <td>Enterprise</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>

From 2cf7921e7559caccf3b41501d549254e522a586b Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 24 Jun 2021 11:00:58 +0100
Subject: [PATCH 32/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 5437a4ae9e..7b1b43d816 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -123,7 +123,7 @@ manager: dansimp
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -191,7 +191,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1855,5 +1855,6 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.
 - 9 - Available in Windows 10, version 20H2.
 - 10 - Available in Windows 10, version 21H1.
+- 11 - Also applies to Windows 10 Business.
 
 <!--/Policies-->

From dcb6afdeb3d9678cd3f309198fabefebce739a88 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 24 Jun 2021 11:12:11 +0100
Subject: [PATCH 33/61] Update policy-csp-system.md

---
 windows/client-management/mdm/policy-csp-system.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 7b1b43d816..2a6aaac456 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -191,7 +191,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup><sup>11</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>

From 61d096380db60f3105e32860f97ca5ba51f09567 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 24 Jun 2021 16:35:12 +0100
Subject: [PATCH 34/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index b75beff331..22f9a75bed 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -89,7 +89,7 @@ The following table provides an overview of the privacy settings discussed earli
 | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:<br />**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**<br /><br />MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off |
 | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**<br /><br />MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later) | Off |
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
-| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the recommended state to minimize data collection is not applicable. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
+| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#manage-enterprise-diagnostic-data) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | 
 | Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
 | Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
@@ -161,7 +161,7 @@ An administrator can disable a user’s ability to delete their device’s diagn
 
 - Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
 
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Diagnostic data does not include data processed by Microsoft with the use of essential services and connected experiences in Windows.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing the service based capabilities of essential services and connected experiences.
 
 The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
 
@@ -173,7 +173,7 @@ We recommend that IT administrators who have enabled the Windows diagnostic data
 >[!Note]
 >Tenant account closure will lead to the deletion of all data associated with that tenant.
 
-Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Desktop Analytics, and Microsoft Managed Devices. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations).
+Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Desktop Analytics, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations).
 
 For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr).
 

From 4e9d6926b6e6f04c67c7638a648df8894f9fabd7 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 24 Jun 2021 17:00:27 +0100
Subject: [PATCH 35/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 22f9a75bed..2b896c075b 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -115,7 +115,7 @@ You can use the following articles to learn more about Autopilot and how to use
 
 #### _2.3.2 Windows 10 connected experiences and essential services_
 
-Windows includes built-in apps, services, and features, that connect to the internet to provide enhanced experiences and additional capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
 Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows.
 

From d74f41201939238b63d3182185543bf9eb5daad9 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 11:19:27 +0100
Subject: [PATCH 36/61] Update windows-diagnostic-data.md

---
 windows/privacy/windows-diagnostic-data.md | 36 +++++++++++-----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index 68ebf78103..f80e09a6a4 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -28,7 +28,7 @@ Applies to:
 
 Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 20H2 required diagnostic events and fields](/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
 
-In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology - Cloud computing - Cloud services and devices: Data flow, data categories, and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
+In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944-1:2020 Information technology - Cloud computing - Cloud services and devices: Data flow, data categories, and data use](https://www.iso.org/standard/79573.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
 
 The data covered in this article is grouped into the following types:
 
@@ -41,7 +41,7 @@ The data covered in this article is grouped into the following types:
 - Inking, Typing, and Speech Utterance data
 
 ## Common data extensions
-Most diagnostic events contain a header of common data. In each example, the info in parentheses provides the equivalent definition for ISO/IEC 19944:2017.
+Most diagnostic events contain a header of common data. In each example, the info in parentheses provides the equivalent definition for ISO/IEC 19944-1:2020.
 
 **Data Use for Common data extensions**
 Header data supports the use of data associated with all diagnostic events. Therefore, Common data is used to [provide](#provide) Windows 10, and may be used to [improve](#improve), [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) Microsoft and third-party products and services, depending on the uses described in the **Data Use** statements for each data category.
@@ -66,7 +66,7 @@ Information that is added to most diagnostic events, if relevant and available:
 
 
 ## Device, Connectivity, and Configuration data
-This type of data includes details about the device, its configuration and connectivity capabilities, and status. Device, Connectivity, and Configuration data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.3 Connectivity data.
+This type of data includes details about the device, its configuration and connectivity capabilities, and status. Device, Connectivity, and Configuration data is equivalent to ISO/IEC 19944-1:2020, 8.2.3.2.3 Connectivity data.
 
 ### Data Use for Device, Connectivity, and Configuration data 
 
@@ -178,7 +178,7 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 - Hashed IP address
 
 ## Product and Service Usage data
-This type of data includes details about the usage of the device, operating system, applications, and services. Product and Service Usage data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.4 Observed Usage of the Service Capability.
+This type of data includes details about the usage of the device, operating system, applications, and services. Product and Service Usage data is equivalent to ISO/IEC 19944-1:2020, 8.2.3.2.4 Observed Usage of the Service Capability.
 
 ### Data Use for Product and Service Usage data
 
@@ -242,7 +242,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Login sessions and state
 
 ## Product and Service Performance data
-This type of data includes details about the health of the device, operating system, apps, and drivers. Product and Service Performance data is equivalent to ISO/IEC 19944:2017 8.2.3.2.2 EUII Telemetry data.
+This type of data includes details about the health of the device, operating system, apps, and drivers. Product and Service Performance data is equivalent to ISO/IEC 19944-1:2020 8.2.3.2.2 EUII Telemetry data.
 
 ### Data Use for Product and Service Performance data
 
@@ -355,7 +355,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - License usage session
 
 ## Software Setup and Inventory data
-This type of data includes software installation and update information on the device. Software Setup and Inventory Data is a subtype of ISO/IEC 19944:2017 8.2.3.2.4 Observed Usage of the Service Capability.
+This type of data includes software installation and update information on the device. Software Setup and Inventory Data is a subtype of ISO/IEC 19944-1:2020 8.2.3.2.4 Observed Usage of the Service Capability.
 
 ### Data Use for Software Setup and Inventory data
 
@@ -397,7 +397,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Windows Insider build details
 
 ## Browsing History data
-This type of data includes details about web browsing in the Microsoft browsers. Browsing History data is equivalent to ISO/IEC 19944:2017 8.2.3.2.8 Client-side browsing history.
+This type of data includes details about web browsing in the Microsoft browsers. Browsing History data is equivalent to ISO/IEC 19944-1:2020 8.2.3.2.8 Client-side browsing history.
 
 ### Data Use for Browsing History data
 
@@ -429,7 +429,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Page title
 
 ## Inking Typing and Speech Utterance data
-This type of data gathers details about the voice, inking, and typing input features on the device. Inking, Typing, and Speech Utterance data is a subtype of ISO/IEC 19944:2017 8.2.3.2.1 End User Identifiable information.
+This type of data gathers details about the voice, inking, and typing input features on the device. Inking, Typing, and Speech Utterance data is a subtype of ISO/IEC 19944-1:2020 8.2.3.2.1 End User Identifiable information.
 
 ### Data Use for Inking, Typing, and Speech Utterance data
 
@@ -462,31 +462,31 @@ This type of data gathers details about the voice, inking, and typing input feat
 - Whether user is known to be a child
 - Confidence and success or failure of speech recognition
 
-## ISO/IEC 19944:2017-specific terminology
+## ISO/IEC 19944-1:2020-specific terminology
 
-This section provides the ISO/IEC 19944:2017-specific definitions for use and de-identification qualifiers used in this article.
+This section provides the ISO/IEC 19944-1:2020-specific definitions for use and de-identification qualifiers used in this article.
 
 ### Provide
 
-ISO/IEC 19944:2017 Reference: **9.3.2 Provide**
+ISO/IEC 19944-1:2020 Reference: **9.3.2 Provide**
 
 Use of a specified data category by a Microsoft product or service to protect and provide the described service, including, (i) troubleshoot and fix issues with the product or service or (ii) provide product or service updates.
 
 ### Improve
 
-ISO/IEC 19944:2017 Reference: **9.3.3 Improve**
+ISO/IEC 19944-1:2020 Reference: **9.3.3 Improve**
 
 Use of a specified data category to improve or increase the quality of a Microsoft product or service. Those improvements may be available to end users.
 
 ### Personalize
 
-ISO/IEC 19944:2017 Reference: **9.3.4 Personalize**
+ISO/IEC 19944-1:2020 Reference: **9.3.4 Personalize**
 
 Use of the specified data categories to create a customized experience for the end user in any Microsoft product or service.
 
 ### Recommend
 
-ISO/IEC 19944:2017 Reference: **9.3.4 Personalize**
+ISO/IEC 19944-1:2020 Reference: **9.3.4 Personalize**
 
 “Recommend” means use of the specified data categories to Personalize (9.3.4) the end user’s experience by recommending Microsoft products or services that can be accessed without the need to make a purchase or pay money.
 
@@ -494,7 +494,7 @@ Use of the specified data categories give recommendations about Microsoft produc
 
 ### Offer
 
-ISO/IEC 19944:2017 Reference: **9.3.5 Offer upgrades or upsell**
+ISO/IEC 19944-1:2020 Reference: **9.3.5 Offer upgrades or upsell**
 
 Implies that the source of the data is Microsoft products and services, and the upgrades offered come from Microsoft products and services that are relevant to the context of the current capability. The target audience for the offer is Microsoft customers.
 
@@ -502,14 +502,14 @@ Specifically, use of the specified data categories to make an offer or upsell ne
 
 ### Promote
 
-ISO/IEC 19944:2017 Reference: **9.3.6 Market/advertise/promote**
+ISO/IEC 19944-1:2020 Reference: **9.3.6 Market/advertise/promote**
 
 Use of the specified data categories to promote a product or service in or on a first-party Microsoft product or service.
 
 ### Data identification qualifiers
 
-Here are the data identification qualifiers and the ISO/IEC 19944:2017 reference:
+Here are the data identification qualifiers and the ISO/IEC 19944-1:2020 reference:
 
 - **<a name="pseudo">Pseudonymized Data</a>** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined.
 - **<a name="anon">Anonymized Data</a>** 8.3.5 Anonymized data. Microsoft usage notes are as defined.
-- **<a name="aggregate">Aggregated Data</a>** 8.3.6 Aggregated data. Microsoft usage notes are as defined.
\ No newline at end of file
+- **<a name="aggregate">Aggregated Data</a>** 8.3.6 Aggregated data. Microsoft usage notes are as defined.

From 3cc91638b91f73efcb650ff26887737485d41420 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 15:43:30 +0100
Subject: [PATCH 37/61] Create essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 301 ++++++++++++++++++
 1 file changed, 301 insertions(+)
 create mode 100644 windows/privacy/essential-services-and-connected-experiences.md

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
new file mode 100644
index 0000000000..b19454a5ab
--- /dev/null
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -0,0 +1,301 @@
+---
+title: Essential Services and Connected Experiences for Windows 10
+description: This article provides information to help IT on the essential services and connected experiences for Windows 10.
+keywords: privacy, GDPR, compliance
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: high
+audience: ITPro
+author: sosulli
+ms.author: sosulli
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 28/06/2021
+---
+
+# Essential Services and Connected Experiences for Windows 10
+
+Applies to:
+
+- Windows 10, version 1903 and later
+
+Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. Required service data is collected to enables us provide these cloud-based connected experiences and it's crucial to help keep them secure, up to date and performing properly. Windows diagnostic data is separate from required service data.For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+
+Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows.
+
+While you can control many of the connected experiences that are available to you and your organization, we recommend that you carefully assess the impact of turning off essential services.
+
+Windows connected experiences and essential services transfer data to Microsoft network endpoints. The article [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) provides details about the different ways to control traffic to these endpoints. Where applicable, each connected experience or essential service includes a link to the specific details on how to control that traffic.
+
+>[!Note]
+>The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
+
+## Windows 10 Essential Services
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Essential Service</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>Authentication</td>
+<td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
+</tr>
+<tr class="even">
+<td>Certificates</td>
+<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
+If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
+</tr>
+<tr class="odd">
+<td><del>Configuration Service</del> Services Configuration</td>
+<td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
+<p>To turn it off, see <u>Services</u> <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Configuration</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Date and Time</td>
+<td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
+</tr>
+<tr class="odd">
+<td>Licensing</td>
+<td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
+<p>To turn it off, see <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%239-license-manager&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480159603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dLgSLUMjZnrPQXeF2havS8jUg8ZtfKirkWqTMg3hwh8%3D&amp;reserved=0">License Manager</a> and <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%2319-software-protection-platform&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480169565%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LPlTuyhJ%2FtrAJ72iprIq9yVe4QcGWiuFwHc3t721jvo%3D&amp;reserved=0">Software Protection Platform</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Networking</td>
+<td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
+<p>To turn off Network Adapters, see <a href="https://docs.microsoft.com/en-us/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
+</tr>
+<tr class="odd">
+<td><del>Setup Service</del> Device setup</td>
+<td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
+<p>To customize the initial setup experience, see <a href="https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
+</tr>
+<tr class="even">
+<td>Telemetry</td>
+<td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
+</tr>
+<tr class="odd">
+<td>Windows Update</td>
+<td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
+<p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a></p></td>
+</tr>
+</tbody>
+</table>
+
+**Windows 10 Connected Experiences**
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Connected Experience</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>Device metadata retrieval</td>
+<td><p>When Windows 10 detects a new device, it queries an online service called the Windows Metadata and Internet Services (WMIS) for a metadata package for the device. If a device metadata package is available on WMIS, the Device Metadata Retrieval Client (DMRC) that runs on the local device downloads and installs the package.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Delivery optimization</td>
+<td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
+<p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
+<p>By default, devices running Windows 10 will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
+</tr>
+<tr class="odd">
+<td>Speech Recognition</td>
+<td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech">Speech</a> Recognition.</p></td>
+</tr>
+<tr class="even">
+<td>Find My Device</td>
+<td><p>Find My Device is a feature that can help users locate their Windows 10 device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
+</tr>
+<tr class="odd">
+<td>Windows Insider Program</td>
+<td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
+</tr>
+<tr class="even">
+<td>Location services</td>
+<td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
+</tr>
+<tr class="odd">
+<td>Microsoft Store</td>
+<td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
+</tr>
+<tr class="even">
+<td>Microsoft Defender Antivirus</td>
+<td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
+<p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
+</tr>
+<tr class="odd">
+<td>Microsoft Defender SmartScreen</td>
+<td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
+<p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Windows Search</td>
+<td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account(including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
+</tr>
+<tr class="odd">
+<td>Windows Spotlight</td>
+<td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
+<p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
+</tr>
+<tr class="even">
+<td>Activity History</td>
+<td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
+<p>Synchronization across devices only works when a user signs in with the same account.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-act-history">Activity History.</a></p></td>
+</tr>
+<tr class="odd">
+<td>Settings Synchronization</td>
+<td><p>With settings synchronization is turned on, a user's settings are synced across all Windows 10 devices when they sign in with the same account.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings">Sync Your Settings</a></p></td>
+</tr>
+<tr class="even">
+<td>Cloud Clipboard</td>
+<td><p>Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
+</tr>
+<tr class="odd">
+<td>OneDrive</td>
+<td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
+<p>To turn off OneDrive, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive">OneDrive</a>.</p></td>
+</tr>
+<tr class="even">
+<td>Font Streaming</td>
+<td><p>Font Streaming enables Windows 10 devices to download fonts that are included in Windows but that are not stored on the local device on demand.</p>
+<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming">Font Streaming</a>.</p></td>
+</tr>
+</tbody>
+</table>
+
+**Edge Essential Services and Connected Experiences**
+
+Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
+
+You can find details on all of Edge's connected experiences and essential services [here](https://docs.microsoft.com/en-us/microsoft-edge/privacy-whitepaper/).
+
+To turn off specific Edge feature, see [Microsoft Edge](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
+
+**IE Essential Services and Connected Experiences**
+
+Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
+
+Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
+
+<table>
+<thead>
+<tr class="header">
+<th><strong>Connected Experiences</strong></th>
+<th><strong>Description</strong></th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td>ActiveX Filtering</td>
+<td><p>ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</p>
+<p>ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</p>
+<p>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.</p></td>
+</tr>
+<tr class="even">
+<td>Suggested Sites</td>
+<td>Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.</td>
+</tr>
+<tr class="odd">
+<td>Address Bar and Search suggestions</td>
+<td>With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information it will be sent to the default search provider.</td>
+</tr>
+<tr class="even">
+<td>Auto-complete feature for web addresses</td>
+<td>The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar.</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td></td>
+</tr>
+<tr class="even">
+<td>Compatibility logging</td>
+<td>This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed.</td>
+</tr>
+<tr class="odd">
+<td>Compatibility View</td>
+<td>Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing.</td>
+</tr>
+<tr class="even">
+<td>Flip ahead</td>
+<td>Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website.</td>
+</tr>
+<tr class="odd">
+<td>Web Slices</td>
+<td>A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices.</td>
+</tr>
+<tr class="even">
+<td>Accelerators</td>
+<td><p>Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options.</p>
+<p>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word.</p></td>
+</tr>
+<tr class="odd">
+<td>Pinning websites to Start</td>
+<td>When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has.</td>
+</tr>
+</tbody>
+</table>
+
+**Related links**
+
+[Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+
+[Connected Experiences in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences)
+
+[Essential Services in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/essential-services)
+
+To view endpoints for Windows 10 Enterprise, see:
+
+-   
+
+-   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints)
+
+-   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+
+-   Windows 10, version 20H2, connection endpoints for non-Enterprise editions
+
+-   [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
+
+-   [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions)
+
+-   [Windows 10, version 1809, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1809-non-enterprise-editions)
+
+-   [Windows 10, version 1803, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions)
+
+-   [Windows 10, version 1709, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions)

From 32b7cf8dbc6f55f3891acf7c5c0d695c4f4933ef Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 15:58:53 +0100
Subject: [PATCH 38/61] Update essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 100 +++++++++---------
 1 file changed, 50 insertions(+), 50 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index b19454a5ab..ae5024d5d3 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -8,12 +8,12 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 audience: ITPro
-author: sosulli
-ms.author: sosulli
+author: siosulli
+ms.author: siosulli
 manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 28/06/2021
+ms.date: 6/28/2021
 ---
 
 # Essential Services and Connected Experiences for Windows 10
@@ -46,54 +46,54 @@ Windows connected experiences and essential services transfer data to Microsoft
 <tr class="odd">
 <td>Authentication</td>
 <td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
 </tr>
 <tr class="even">
 <td>Certificates</td>
 <td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
 If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
 </tr>
 <tr class="odd">
 <td><del>Configuration Service</del> Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <u>Services</u> <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Configuration</a>.</p></td>
+<p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Configuration</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Date and Time</td>
 <td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
 </tr>
 <tr class="odd">
 <td>Licensing</td>
 <td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
-<p>To turn it off, see <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%239-license-manager&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480159603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dLgSLUMjZnrPQXeF2havS8jUg8ZtfKirkWqTMg3hwh8%3D&amp;reserved=0">License Manager</a> and <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fprivacy%2Fmanage-connections-from-windows-operating-system-components-to-microsoft-services%2319-software-protection-platform&amp;data=04%7C01%7Csuwani%40microsoft.com%7Cc9aa0b97613144fd7c7708d8fed425cc%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637539534480169565%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LPlTuyhJ%2FtrAJ72iprIq9yVe4QcGWiuFwHc3t721jvo%3D&amp;reserved=0">Software Protection Platform</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager">License Manager</a> and <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform">Software Protection Platform</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Networking</td>
 <td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
-<p>To turn off Network Adapters, see <a href="https://docs.microsoft.com/en-us/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
+<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
 </tr>
 <tr class="odd">
 <td><del>Setup Service</del> Device setup</td>
 <td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
-<p>To customize the initial setup experience, see <a href="https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
+<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
 </tr>
 <tr class="even">
 <td>Telemetry</td>
 <td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Windows Update</td>
 <td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
 <p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a></p></td>
 </tr>
 </tbody>
 </table>
 
-**Windows 10 Connected Experiences**
+## Windows 10 Connected Experiences
 
 <table>
 <thead>
@@ -106,105 +106,105 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Device metadata retrieval</td>
 <td><p>When Windows 10 detects a new device, it queries an online service called the Windows Metadata and Internet Services (WMIS) for a metadata package for the device. If a device metadata package is available on WMIS, the Device Metadata Retrieval Client (DMRC) that runs on the local device downloads and installs the package.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Delivery optimization</td>
 <td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
 <p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
 <p>By default, devices running Windows 10 will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Speech Recognition</td>
 <td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech">Speech</a> Recognition.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech">Speech</a> Recognition.</p></td>
 </tr>
 <tr class="even">
 <td>Find My Device</td>
 <td><p>Find My Device is a feature that can help users locate their Windows 10 device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Windows Insider Program</td>
 <td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
 </tr>
 <tr class="even">
 <td>Location services</td>
 <td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Store</td>
 <td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
 </tr>
 <tr class="even">
 <td>Microsoft Defender Antivirus</td>
 <td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
 <p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Defender SmartScreen</td>
 <td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
 <p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Windows Search</td>
 <td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account(including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Windows Spotlight</td>
 <td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
 <p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
 </tr>
 <tr class="even">
 <td>Activity History</td>
 <td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
 <p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-act-history">Activity History.</a></p></td>
+<p>To turn it off, see <a href="privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-act-history">Activity History.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Settings Synchronization</td>
 <td><p>With settings synchronization is turned on, a user's settings are synced across all Windows 10 devices when they sign in with the same account.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings">Sync Your Settings</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings">Sync Your Settings</a></p></td>
 </tr>
 <tr class="even">
 <td>Cloud Clipboard</td>
 <td><p>Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
+<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
 </tr>
 <tr class="odd">
 <td>OneDrive</td>
 <td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
-<p>To turn off OneDrive, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive">OneDrive</a>.</p></td>
+<p>To turn off OneDrive, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive">OneDrive</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Font Streaming</td>
 <td><p>Font Streaming enables Windows 10 devices to download fonts that are included in Windows but that are not stored on the local device on demand.</p>
-<p>To turn it off, see <a href="https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming">Font Streaming</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming">Font Streaming</a>.</p></td>
 </tr>
 </tbody>
 </table>
 
-**Edge Essential Services and Connected Experiences**
+## Edge Essential Services and Connected Experiences
 
 Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
 
-You can find details on all of Edge's connected experiences and essential services [here](https://docs.microsoft.com/en-us/microsoft-edge/privacy-whitepaper/).
+You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper/).
 
-To turn off specific Edge feature, see [Microsoft Edge](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
+To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
 
-**IE Essential Services and Connected Experiences**
+## IE Essential Services and Connected Experiences
 
 Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
 
-Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
+Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
 
 <table>
 <thead>
@@ -264,38 +264,38 @@ Note: Apart from ActiveX Filtering, which is an essential service, all other fea
 </tbody>
 </table>
 
-**Related links**
+## Related links
 
-[Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows 10 operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services)
 
-[Connected Experiences in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/connected-experiences)
+- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences)
 
-[Essential Services in Office.](https://docs.microsoft.com/en-us/deployoffice/privacy/essential-services)
+- [Essential Services in Office.](/deployoffice/privacy/essential-services)
 
 To view endpoints for Windows 10 Enterprise, see:
 
--   
+- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 20H2](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints)[Manage connection endpoints for Windows 10, version 1909](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1909-endpoints)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1903](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1803](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1803-endpoints)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints)
 
--   [Manage connection endpoints for Windows 10, version 1709](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints)
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
--   Windows 10, version 20H2, connection endpoints for non-Enterprise editions
+- Windows 10, version 20H2, connection endpoints for non-Enterprise editions
 
--   [Windows 10, version 1909, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1909-non-enterprise-editions)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions)
 
--   [Windows 10, version 1903, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions)
 
--   [Windows 10, version 1809, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1809-non-enterprise-editions)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions)
 
--   [Windows 10, version 1803, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1803-non-enterprise-editions)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions)
 
--   [Windows 10, version 1709, connection endpoints for non-Enterprise editions](https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions)

From 920a6be5544faecf7c71b35fcc58abb9d9d391fc Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 16:13:09 +0100
Subject: [PATCH 39/61] Update essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 48 ++++++++-----------
 1 file changed, 21 insertions(+), 27 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index ae5024d5d3..a6f49de021 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -198,13 +198,13 @@ Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. M
 
 You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper/).
 
-To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services#13-microsoft-edge).
+To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
 
 ## IE Essential Services and Connected Experiences
 
 Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
 
-Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services#8-internet-explorer).
+Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#8-internet-explorer).
 
 <table>
 <thead>
@@ -266,36 +266,30 @@ Note: Apart from ActiveX Filtering, which is an essential service, all other fea
 
 ## Related links
 
-- [Manage connections from Windows 10 operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows 10 operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 
-- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences)
+- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences.md)
 
-- [Essential Services in Office.](/deployoffice/privacy/essential-services)
+- [Essential Services in Office.](/deployoffice/privacy/essential-services.md)
+
+## Other Windows 10 editions
 
 To view endpoints for Windows 10 Enterprise, see:
 
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints)
-
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints)
-
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints)
-
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints)
-
-- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints)
-
-- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints)
+- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
 
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
-- Windows 10, version 20H2, connection endpoints for non-Enterprise editions
-
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions)
-
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions)
-
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions)
-
-- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions)
-
-- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions)
+- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](manage-windows-20h2-endpoints.md)
+- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md.md)
+- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
+- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)

From f23a81195983e60ab45ed29453efc575f44485ea Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 16:29:50 +0100
Subject: [PATCH 40/61] Update essential-services-and-connected-experiences.md

---
 .../essential-services-and-connected-experiences.md  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index a6f49de021..effda1cdb9 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -46,28 +46,28 @@ Windows connected experiences and essential services transfer data to Microsoft
 <tr class="odd">
 <td>Authentication</td>
 <td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account">Microsoft Account</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account.md">Microsoft Account</a></p></td>
 </tr>
 <tr class="even">
 <td>Certificates</td>
 <td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
 If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update.md">Automatic Root Certificates Update</a></p></td>
 </tr>
 <tr class="odd">
 <td><del>Configuration Service</del> Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Configuration</a>.</p></td>
+<p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Configuration</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Date and Time</td>
 <td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time"><u>Date and Time</u></a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time"><u>Date and Time</u></a></p></td>
 </tr>
 <tr class="odd">
 <td>Licensing</td>
 <td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager">License Manager</a> and <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform">Software Protection Platform</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager">License Manager</a> and <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#19-software-protection-platform">Software Protection Platform</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Networking</td>
@@ -77,7 +77,7 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td><del>Setup Service</del> Device setup</td>
 <td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
-<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe">Customize Setup</a></p></td>
+<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe.md">Customize Setup</a></p></td>
 </tr>
 <tr class="even">
 <td>Telemetry</td>

From 14e116c6ffe6f80bd2ef37c544854d76a84dd00f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 16:35:40 +0100
Subject: [PATCH 41/61] Update essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index effda1cdb9..eeb9953de7 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -46,13 +46,13 @@ Windows connected experiences and essential services transfer data to Microsoft
 <tr class="odd">
 <td>Authentication</td>
 <td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#12-microsoft-account.md">Microsoft Account</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account">Microsoft Account</a></p></td>
 </tr>
 <tr class="even">
 <td>Certificates</td>
 <td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
 If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1-automatic-root-certificates-update.md">Automatic Root Certificates Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
 </tr>
 <tr class="odd">
 <td><del>Configuration Service</del> Services Configuration</td>
@@ -82,13 +82,13 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="even">
 <td>Telemetry</td>
 <td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Windows Update</td>
 <td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
 <p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update">Windows Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#29-windows-update">Windows Update</a></p></td>
 </tr>
 </tbody>
 </table>
@@ -106,88 +106,88 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Device metadata retrieval</td>
 <td><p>When Windows 10 detects a new device, it queries an online service called the Windows Metadata and Internet Services (WMIS) for a metadata package for the device. If a device metadata package is available on WMIS, the Device Metadata Retrieval Client (DMRC) that runs on the local device downloads and installs the package.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Delivery optimization</td>
 <td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
 <p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
 <p>By default, devices running Windows 10 will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization">Delivery Optimization.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#28-delivery-optimization">Delivery Optimization.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Speech Recognition</td>
 <td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech">Speech</a> Recognition.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech</a> Recognition.</p></td>
 </tr>
 <tr class="even">
 <td>Find My Device</td>
 <td><p>Find My Device is a feature that can help users locate their Windows 10 device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device">Find My Device.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#5-find-my-device">Find My Device.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Windows Insider Program</td>
 <td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
 </tr>
 <tr class="even">
 <td>Location services</td>
 <td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location">Location Services.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location">Location Services.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Store</td>
 <td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store">Microsoft Store.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store">Microsoft Store.</a></p></td>
 </tr>
 <tr class="even">
 <td>Microsoft Defender Antivirus</td>
 <td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
 <p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Defender SmartScreen</td>
 <td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
 <p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Windows Search</td>
 <td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account(including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Windows Spotlight</td>
 <td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
 <p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight">Windows Spotlight.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#25-windows-spotlight">Windows Spotlight.</a></p></td>
 </tr>
 <tr class="even">
 <td>Activity History</td>
 <td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
 <p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-act-history">Activity History.</a></p></td>
+<p>To turn it off, see <a href="privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Settings Synchronization</td>
 <td><p>With settings synchronization is turned on, a user's settings are synced across all Windows 10 devices when they sign in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings">Sync Your Settings</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-sync-your-settings">Sync Your Settings</a></p></td>
 </tr>
 <tr class="even">
 <td>Cloud Clipboard</td>
 <td><p>Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
-<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
+<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy.md#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
 </tr>
 <tr class="odd">
 <td>OneDrive</td>
 <td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
-<p>To turn off OneDrive, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive">OneDrive</a>.</p></td>
+<p>To turn off OneDrive, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#16-onedrive">OneDrive</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Font Streaming</td>
 <td><p>Font Streaming enables Windows 10 devices to download fonts that are included in Windows but that are not stored on the local device on demand.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming">Font Streaming</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming">Font Streaming</a>.</p></td>
 </tr>
 </tbody>
 </table>

From 9463ad848deeff7a0933e11584528a307f57f1a5 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 16:49:51 +0100
Subject: [PATCH 42/61] Update essential-services-and-connected-experiences.md

---
 .../essential-services-and-connected-experiences.md       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index eeb9953de7..c0255242e2 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -72,8 +72,8 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="even">
 <td>Networking</td>
 <td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
-<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps">Disable-NetAdapter</a></p></td>
-</tr>
+<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps&preserve-view=true">Disable-NetAdapter</a></p></td>
+</tr
 <tr class="odd">
 <td><del>Setup Service</del> Device setup</td>
 <td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
@@ -167,7 +167,7 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Activity History</td>
 <td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
 <p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Settings Synchronization</td>
@@ -287,7 +287,7 @@ To view endpoints for Windows 10 Enterprise, see:
 To view endpoints for non-Enterprise Windows 10 editions, see:
 
 - [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](manage-windows-20h2-endpoints.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md.md)
+- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
 - [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
 - [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
 - [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)

From 6243c7987c3dbc7c8594428897aff7ced287c61f Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 18:26:32 +0100
Subject: [PATCH 43/61] Update essential-services-and-connected-experiences.md

---
 .../essential-services-and-connected-experiences.md | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index c0255242e2..d887a20743 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -18,15 +18,13 @@ ms.date: 6/28/2021
 
 # Essential Services and Connected Experiences for Windows 10
 
-Applies to:
+**Applies to:**
 
 - Windows 10, version 1903 and later
 
-Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. Required service data is collected to enables us provide these cloud-based connected experiences and it's crucial to help keep them secure, up to date and performing properly. Windows diagnostic data is separate from required service data.For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
-Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows.
-
-While you can control many of the connected experiences that are available to you and your organization, we recommend that you carefully assess the impact of turning off essential services.
+Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows. While you can control many of the connected experiences that are available to you and your organization, we recommend that you carefully assess the impact of turning off essential services.
 
 Windows connected experiences and essential services transfer data to Microsoft network endpoints. The article [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) provides details about the different ways to control traffic to these endpoints. Where applicable, each connected experience or essential service includes a link to the specific details on how to control that traffic.
 
@@ -55,7 +53,6 @@ If automatic updates are turned off, applications and websites may stop working
 <p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
 </tr>
 <tr class="odd">
-<td><del>Configuration Service</del> Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
 <p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Configuration</a>.</p></td>
 </tr>
@@ -73,9 +70,9 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Networking</td>
 <td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
 <p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps&preserve-view=true">Disable-NetAdapter</a></p></td>
-</tr
+</tr>
 <tr class="odd">
-<td><del>Setup Service</del> Device setup</td>
+<td>Device setup</td>
 <td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
 <p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe.md">Customize Setup</a></p></td>
 </tr>

From 6c795d046171f634cb9ce4dcff38fa7af202ad1a Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 18:28:01 +0100
Subject: [PATCH 44/61] updates-dpsw

---
 .../privacy/essential-services-and-connected-experiences.md   | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index d887a20743..6248a9e940 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -229,10 +229,6 @@ Note: Apart from ActiveX Filtering, which is an essential service, all other fea
 <td>Auto-complete feature for web addresses</td>
 <td>The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar.</td>
 </tr>
-<tr class="odd">
-<td></td>
-<td></td>
-</tr>
 <tr class="even">
 <td>Compatibility logging</td>
 <td>This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed.</td>

From 6d52b9b2c51d029a930e117fa7a3b71fca4af698 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 18:34:15 +0100
Subject: [PATCH 45/61] Update essential-services-and-connected-experiences.md

---
 windows/privacy/essential-services-and-connected-experiences.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 6248a9e940..1e45b7afda 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -53,6 +53,7 @@ If automatic updates are turned off, applications and websites may stop working
 <p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
 </tr>
 <tr class="odd">
+<td>Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
 <p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Configuration</a>.</p></td>
 </tr>

From 69c8580b7110cb2a8743e7c3f037fcd51c0b5578 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 20:21:59 +0100
Subject: [PATCH 46/61] Update essential-services-and-connected-experiences.md

---
 ...essential-services-and-connected-experiences.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 1e45b7afda..adb832d45c 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -22,7 +22,11 @@ ms.date: 6/28/2021
 
 - Windows 10, version 1903 and later
 
-Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
+
+Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
 Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows. While you can control many of the connected experiences that are available to you and your organization, we recommend that you carefully assess the impact of turning off essential services.
 
@@ -55,7 +59,7 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <u>Services</u> <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Configuration</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics"><u>Services Configuration</u></a>.</p></td>
 </tr>
 <tr class="even">
 <td>Date and Time</td>
@@ -116,7 +120,7 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Speech Recognition</td>
 <td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech</a> Recognition.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech Recognition.</a></p></td>
 </tr>
 <tr class="even">
 <td>Find My Device</td>
@@ -126,7 +130,7 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Windows Insider Program</td>
 <td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows</a> Insider Program.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows Insider Program.</a></p></td>
 </tr>
 <tr class="even">
 <td>Location services</td>
@@ -142,7 +146,7 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Microsoft Defender Antivirus</td>
 <td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
 <p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender</a> Antivirus.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus.</a></p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Defender SmartScreen</td>

From 4d4b75f0bc10e3d9ce65b83fe68e68261f6f6b79 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 20:35:29 +0100
Subject: [PATCH 47/61] Update essential-services-and-connected-experiences.md

---
 .../privacy/essential-services-and-connected-experiences.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index adb832d45c..71770ac219 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -24,7 +24,7 @@ ms.date: 6/28/2021
 
 Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
 
 Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
@@ -59,12 +59,12 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="odd">
 <td>Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics"><u>Services Configuration</u></a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Services Configuration</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Date and Time</td>
 <td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time"><u>Date and Time</u></a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time">Date and Time</a></p></td>
 </tr>
 <tr class="odd">
 <td>Licensing</td>

From 213795e4ba375fb38d95579d5c2a46cbf3f77d7a Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 20:42:06 +0100
Subject: [PATCH 48/61] Update essential-services-and-connected-experiences.md

---
 ...tial-services-and-connected-experiences.md | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 71770ac219..3e9c11626f 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -24,7 +24,7 @@ ms.date: 6/28/2021
 
 Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
 
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
+When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
 
 Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
@@ -48,23 +48,23 @@ Windows connected experiences and essential services transfer data to Microsoft
 <tr class="odd">
 <td>Authentication</td>
 <td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account">Microsoft Account</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account">Microsoft Account</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Certificates</td>
 <td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
 If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Services Configuration</td>
 <td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Services Configuration</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics"><u>Services Configuration</u></a>.</p></td>
 </tr>
 <tr class="even">
 <td>Date and Time</td>
 <td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time">Date and Time</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time"><u>Date and Time</u></a></p></td>
 </tr>
 <tr class="odd">
 <td>Licensing</td>
@@ -74,12 +74,12 @@ If automatic updates are turned off, applications and websites may stop working
 <tr class="even">
 <td>Networking</td>
 <td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
-<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps&preserve-view=true">Disable-NetAdapter</a></p></td>
+<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps&preserve-view=true">Disable-NetAdapter</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Device setup</td>
 <td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
-<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe.md">Customize Setup</a></p></td>
+<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe.md">Customize Setup</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Telemetry</td>
@@ -90,7 +90,7 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Windows Update</td>
 <td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
 <p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#29-windows-update">Windows Update</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#29-windows-update">Windows Update</a>.</p></td>
 </tr>
 </tbody>
 </table>
@@ -115,38 +115,38 @@ If automatic updates are turned off, applications and websites may stop working
 <td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
 <p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
 <p>By default, devices running Windows 10 will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#28-delivery-optimization">Delivery Optimization.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#28-delivery-optimization">Delivery Optimization</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Speech Recognition</td>
 <td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech Recognition.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech Recognition</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Find My Device</td>
 <td><p>Find My Device is a feature that can help users locate their Windows 10 device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#5-find-my-device">Find My Device.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#5-find-my-device">Find My Device</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Windows Insider Program</td>
 <td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows Insider Program.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows Insider Program</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Location services</td>
 <td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location">Location Services.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location">Location Services</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Store</td>
 <td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store">Microsoft Store.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store">Microsoft Store</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Microsoft Defender Antivirus</td>
 <td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
 <p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus.</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Defender SmartScreen</td>
@@ -163,23 +163,23 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Windows Spotlight</td>
 <td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
 <p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#25-windows-spotlight">Windows Spotlight.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#25-windows-spotlight">Windows Spotlight</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Activity History</td>
 <td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
 <p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Settings Synchronization</td>
 <td><p>With settings synchronization is turned on, a user's settings are synced across all Windows 10 devices when they sign in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-sync-your-settings">Sync Your Settings</a></p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-sync-your-settings">Sync Your Settings</a>.</p></td>
 </tr>
 <tr class="even">
 <td>Cloud Clipboard</td>
 <td><p>Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
-<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy.md#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a></p></td>
+<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy.md#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>OneDrive</td>

From 7817b987f75462c82fc7d34787be04d87fddc23c Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Mon, 28 Jun 2021 20:48:22 +0100
Subject: [PATCH 49/61] Update essential-services-and-connected-experiences.md

---
 .../essential-services-and-connected-experiences.md       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index 3e9c11626f..edb5b8d8af 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -52,8 +52,8 @@ Windows connected experiences and essential services transfer data to Microsoft
 </tr>
 <tr class="even">
 <td>Certificates</td>
-<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br />
-If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
+<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</p>
+<p>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
 <p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a>.</p></td>
 </tr>
 <tr class="odd">
@@ -146,7 +146,7 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Microsoft Defender Antivirus</td>
 <td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
 <p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus.</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Microsoft Defender SmartScreen</td>
@@ -169,7 +169,7 @@ If automatic updates are turned off, applications and websites may stop working
 <td>Activity History</td>
 <td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
 <p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History.</a>.</p></td>
+<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History</a>.</p></td>
 </tr>
 <tr class="odd">
 <td>Settings Synchronization</td>

From 780cd79c510cee80c6299ed39180ca0fc2981110 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 30 Jun 2021 11:34:46 +0100
Subject: [PATCH 50/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 2b896c075b..cec31902a8 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -65,7 +65,7 @@ The following table provides an overview of the Windows 10 privacy settings pres
 An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information.
 
 > [!Note]
-> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s use of a device. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
+> If the Windows diagnostic data processor configuration is enabled, IT administrators should use the admin portal to fulfill data subject requests to access or export Windows diagnostic data associated with a particular user’s device usage. See [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights).
 
 ## 2. Windows 10 data collection management
 
@@ -134,7 +134,6 @@ For more information, see [Manage connections from Windows operating system comp
 An organization may want to minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization.
 
 >[!IMPORTANT]
-
 > - We recommend that you fully test any modifications to these settings before deploying them in your organization.
 > - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying to ensure the Windows diagnostic setting is not turned off.
 

From 50787a11cc4a540861b8cb84c89cbaa601635322 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Wed, 30 Jun 2021 11:39:49 +0100
Subject: [PATCH 51/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index cec31902a8..41228e335e 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -160,7 +160,7 @@ An administrator can disable a user’s ability to delete their device’s diagn
 
 - Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
 
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, under the definition of the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing the service based capabilities of essential services and connected experiences.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing the service based capabilities of essential services and connected experiences.
 
 The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
 

From 2c2ab9127603dc37fb703b7b00db63c80dd47dd3 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 1 Jul 2021 12:40:28 +0100
Subject: [PATCH 52/61] update to remove connected experiences

---
 ...tial-services-and-connected-experiences.md | 293 ------------------
 .../windows-10-and-privacy-compliance.md      |  20 +-
 2 files changed, 8 insertions(+), 305 deletions(-)
 delete mode 100644 windows/privacy/essential-services-and-connected-experiences.md

diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
deleted file mode 100644
index edb5b8d8af..0000000000
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ /dev/null
@@ -1,293 +0,0 @@
----
-title: Essential Services and Connected Experiences for Windows 10
-description: This article provides information to help IT on the essential services and connected experiences for Windows 10.
-keywords: privacy, GDPR, compliance
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: high
-audience: ITPro
-author: siosulli
-ms.author: siosulli
-manager: dansimp
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 6/28/2021
----
-
-# Essential Services and Connected Experiences for Windows 10
-
-**Applies to:**
-
-- Windows 10, version 1903 and later
-
-Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
-
-When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experiences. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected.
-
-Required service data is separate from Windows diagnostic data. For more information on Windows diagnostic data see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
-
-Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows. While you can control many of the connected experiences that are available to you and your organization, we recommend that you carefully assess the impact of turning off essential services.
-
-Windows connected experiences and essential services transfer data to Microsoft network endpoints. The article [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) provides details about the different ways to control traffic to these endpoints. Where applicable, each connected experience or essential service includes a link to the specific details on how to control that traffic.
-
->[!Note]
->The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves.
-
-## Windows 10 Essential Services
-
-<table>
-<thead>
-<tr class="header">
-<th><strong>Essential Service</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>Authentication</td>
-<td><p>The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows 10 enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account">Microsoft Account</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Certificates</td>
-<td><p>Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.</p>
-<p>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1-automatic-root-certificates-update">Automatic Root Certificates Update</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Services Configuration</td>
-<td><p>Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics"><u>Services Configuration</u></a>.</p></td>
-</tr>
-<tr class="even">
-<td>Date and Time</td>
-<td><p>The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It is installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#3-date--time"><u>Date and Time</u></a></p></td>
-</tr>
-<tr class="odd">
-<td>Licensing</td>
-<td><p>Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows as well as store applications.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager">License Manager</a> and <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#19-software-protection-platform">Software Protection Platform</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Networking</td>
-<td><p>Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows 10 devices will lose network connectivity.</p>
-<p>To turn off Network Adapters, see <a href="/powershell/module/netadapter/disable-netadapter?view=windowsserver2019-ps&preserve-view=true">Disable-NetAdapter</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Device setup</td>
-<td><p>The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.</p>
-<p>To customize the initial setup experience, see <a href="/windows-hardware/customize/desktop/customize-oobe.md">Customize Setup</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Telemetry</td>
-<td><p>Microsoft collects diagnostic data including error data about your device with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows 10 behaves in the real world, focus on user priorities, find, and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1816-feedback--diagnostics">Telemetry Services</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Windows Update</td>
-<td><p>Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date.</p>
-<p>Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#29-windows-update">Windows Update</a>.</p></td>
-</tr>
-</tbody>
-</table>
-
-## Windows 10 Connected Experiences
-
-<table>
-<thead>
-<tr class="header">
-<th><strong>Connected Experience</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>Device metadata retrieval</td>
-<td><p>When Windows 10 detects a new device, it queries an online service called the Windows Metadata and Internet Services (WMIS) for a metadata package for the device. If a device metadata package is available on WMIS, the Device Metadata Retrieval Client (DMRC) that runs on the local device downloads and installs the package.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval">Device Metadata Retrieval</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Delivery optimization</td>
-<td><p>Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources (such as other peers on the network), in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.</p>
-<p>If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet.</p>
-<p>By default, devices running Windows 10 will only use Delivery Optimization to get and receive updates for devices and apps on your local network.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#28-delivery-optimization">Delivery Optimization</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Speech Recognition</td>
-<td><p>Microsoft provides a cloud-based (online) speech recognition technology that allows users to write text by speaking or interact with this system using your voice. It functions by converting speech audio into transcribed text. Turning on the online speech recognition setting enables the use of Microsoft cloud-based speech recognition in Cortana, the Mixed Reality Portal, dictation in Windows from the software keyboard, supported Microsoft Store apps, and in other parts of Windows 10.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech">Speech Recognition</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Find My Device</td>
-<td><p>Find My Device is a feature that can help users locate their Windows 10 device if it's lost or stolen. This feature only works if a Microsoft account is used to logon to the device, the user is an administrator on the device and when location is turned on for the device. Users can find their device by logging in to https://account.microsoft.com/devices under the Find My Device tab.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#5-find-my-device">Find My Device</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Windows Insider Program</td>
-<td><p>The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s <a href="https://insider.windows.com/">website</a>.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#7-insider-preview-builds">Windows Insider Program</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Location services</td>
-<td><p>The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location">Location Services</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Microsoft Store</td>
-<td><p>Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store">Microsoft Store</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Microsoft Defender Antivirus</td>
-<td><p>Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization.</p>
-<p>Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#24-windows-defender">Microsoft Defender Antivirus</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Microsoft Defender SmartScreen</td>
-<td><p>Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files.</p>
-<p>Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#241-windows-defender-smartscreen">Microsoft Defender SmartScreen</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Windows Search</td>
-<td><p>Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account(including OneDrive, SharePoint, and other Microsoft services), and the internet.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-cortana-and-search-group-policies">Windows Search</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Windows Spotlight</td>
-<td><p>Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.</p>
-<p>Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#25-windows-spotlight">Windows Spotlight</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Activity History</td>
-<td><p>Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user.</p>
-<p>Synchronization across devices only works when a user signs in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-act-history">Activity History</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>Settings Synchronization</td>
-<td><p>With settings synchronization is turned on, a user's settings are synced across all Windows 10 devices when they sign in with the same account.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#21-sync-your-settings">Sync Your Settings</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Cloud Clipboard</td>
-<td><p>Cloud Clipboard enables users to copy images and text across all Windows 10 devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.</p>
-<p>To turn it off, see <a href="/windows/client-management/mdm/policy-csp-privacy.md#privacy-allowcrossdeviceclipboard">Cloud Clipboard</a>.</p></td>
-</tr>
-<tr class="odd">
-<td>OneDrive</td>
-<td><p>OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.</p>
-<p>To turn off OneDrive, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#16-onedrive">OneDrive</a>.</p></td>
-</tr>
-<tr class="even">
-<td>Font Streaming</td>
-<td><p>Font Streaming enables Windows 10 devices to download fonts that are included in Windows but that are not stored on the local device on demand.</p>
-<p>To turn it off, see <a href="manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming">Font Streaming</a>.</p></td>
-</tr>
-</tbody>
-</table>
-
-## Edge Essential Services and Connected Experiences
-
-Windows ships with Microsoft Edge and Internet Explorer on Windows 10 devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience.
-
-You can find details on all of Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper/).
-
-To turn off specific Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge).
-
-## IE Essential Services and Connected Experiences
-
-Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer.
-
-Note: Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#8-internet-explorer).
-
-<table>
-<thead>
-<tr class="header">
-<th><strong>Connected Experiences</strong></th>
-<th><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td>ActiveX Filtering</td>
-<td><p>ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without user's permission.</p>
-<p>ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps. This can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.</p>
-<p>To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls.</p></td>
-</tr>
-<tr class="even">
-<td>Suggested Sites</td>
-<td>Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.</td>
-</tr>
-<tr class="odd">
-<td>Address Bar and Search suggestions</td>
-<td>With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information it will be sent to the default search provider.</td>
-</tr>
-<tr class="even">
-<td>Auto-complete feature for web addresses</td>
-<td>The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar.</td>
-</tr>
-<tr class="even">
-<td>Compatibility logging</td>
-<td>This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed.</td>
-</tr>
-<tr class="odd">
-<td>Compatibility View</td>
-<td>Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing.</td>
-</tr>
-<tr class="even">
-<td>Flip ahead</td>
-<td>Flip ahead enables your users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting your users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website.</td>
-</tr>
-<tr class="odd">
-<td>Web Slices</td>
-<td>A Web Slice enables users to subscribe to and automatically receive updates to content directly within a Web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices.</td>
-</tr>
-<tr class="even">
-<td>Accelerators</td>
-<td><p>Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options.</p>
-<p>For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word.</p></td>
-</tr>
-<tr class="odd">
-<td>Pinning websites to Start</td>
-<td>When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has.</td>
-</tr>
-</tbody>
-</table>
-
-## Related links
-
-- [Manage connections from Windows 10 operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-
-- [Connected Experiences in Office.](/deployoffice/privacy/connected-experiences.md)
-
-- [Essential Services in Office.](/deployoffice/privacy/essential-services.md)
-
-## Other Windows 10 editions
-
-To view endpoints for Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](manage-windows-20h2-endpoints.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
-- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 41228e335e..46785e5d17 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -29,7 +29,7 @@ Applies to:
 
 At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows 10.
 
-Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 and our connected experiences. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
+Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article.
 
 This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR)
 
@@ -82,7 +82,7 @@ Administrators can configure and control privacy settings across their organizat
 The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set.
 
 > [!NOTE]
-> This is not a complete list of settings that involve connecting to Microsoft connected experiences. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+> This is not a complete list of settings that involve connecting to Microsoft services. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
 
 | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection |
 |---|---|---|---|
@@ -113,21 +113,17 @@ You can use the following articles to learn more about Autopilot and how to use
 - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
 - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
 
-#### _2.3.2 Windows 10 connected experiences and essential services_
+#### _2.3.2 Managing connections from Windows components to Microsoft services_
 
-Windows includes features that connect to the internet to provide enhanced experiences and additional service based capabilities. These are called “connected experiences”. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
+Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows components.
 
-Connected experiences that are critical to the proper functioning of Windows are called “essential services”. For example, the Windows licensing service confirms that you are properly licensed to use Windows.
+For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
 
-Windows connected experiences and essential services transfer data to Microsoft network endpoints, and while an administrator may want to block these endpoints for their organization to meet specific compliance objectives, we recommend that you carefully assess the impact of turning off essential services.
+#### _2.3.3 Managing Windows 10 connections_
 
-The article [Manage connection endpoints for Windows 10, version 20H2](/windows/privacy/manage-windows-20h2-endpoints) provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found under the **Manage Windows 10 connection endpoints** section of the left-hand navigation menu.
+Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives.
 
-#### _2.3.3 Managing connections from Windows connected experiences to Microsoft services_
-
-Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows connected experiences and essential services.
-
-For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable.
+[Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) provides a list of endpoints for the latest Windows 10 release, along with descriptions of any functionality that would be impacted by restricting data collection. Details for additional Windows versions can be found on the Windows Privacy site under the **Manage Windows 10 connection endpoints** section of the left-hand navigation menu.
 
 #### _2.3.4 Limited functionality baseline_
 

From 1b807b71c5ab488e6d9f8d7457e5d8831ce71d26 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 1 Jul 2021 14:03:40 +0100
Subject: [PATCH 53/61] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 846b85c807..be4d1a5f5b 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18926,8 +18926,6 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
       "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md",
       "redirect_url": "/security/compass/human-operated-ransomware",
       "redirect_document_id": false
@@ -18937,5 +18935,10 @@
       "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
       "redirect_document_id": false
     } 
+    {
+      "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    }
 	    ]
 }

From 68bcf56182d52345bc0257da4648c2f806f061f2 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 1 Jul 2021 14:06:18 +0100
Subject: [PATCH 54/61] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index be4d1a5f5b..dc1dd3eca7 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18934,7 +18934,7 @@
       "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
       "redirect_document_id": false
-    } 
+    }, 
     {
       "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md",
       "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",

From c11057d4b61000ca78fa04542873e6a5d725d98d Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Thu, 1 Jul 2021 17:05:14 +0100
Subject: [PATCH 55/61] Update windows-10-and-privacy-compliance.md

---
 windows/privacy/windows-10-and-privacy-compliance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index 46785e5d17..cfe581ed04 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -156,7 +156,7 @@ An administrator can disable a user’s ability to delete their device’s diagn
 
 - Windows 10 Enterprise, Pro, Education editions, version 1809 with July 2021 update and newer
 
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing the service based capabilities of essential services and connected experiences.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows 10 devices that are Azure Active Directory (AAD) joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities.
 
 The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific AAD User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific AAD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific AAD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
 

From c1999346b7134f8aaac64d67c825f641c5963ef2 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 2 Jul 2021 11:19:22 +0100
Subject: [PATCH 56/61] Update
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

---
 ...erating-system-components-to-microsoft-services.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 189ace9071..50a249906b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -42,7 +42,7 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
 > - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
 > - During update or upgrade of Windows, egress traffic may occur.
 
-To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
+To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
 
 We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.
 
@@ -1293,7 +1293,7 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
 
 ### <a href="" id="bkmk-priv-feedback"></a>18.16 Feedback & diagnostics
 
-In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization).
 
 To change how frequently **Windows should ask for my feedback**:
 
@@ -1876,11 +1876,9 @@ For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimi
 
 - Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **99 (Ninety-nine)**.
 
-
 For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
 
-For IT Professionals, information about Delivery Optimization is available here: [Delivery Optimization for Windows 10 updates]
-(https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization).
+For IT Professionals, information about Delivery Optimization is available here: [Delivery Optimization for Windows 10 updates](/windows/deployment/update/waas-delivery-optimization).
 
 ### <a href="" id="bkmk-wu"></a>29. Windows Update
 
@@ -1948,7 +1946,8 @@ ADMX Info:
 - GP ADMX file name: OSPolicy.admx<br>
 
 The following list shows the supported values:<br>
-0 – Not allowed. 1 (default) – Allowed.<br>
+ - 0 – Not allowed<br>
+ - 1 (default) – Allowed<br>
 
 ### <a href="" id="bkmk-svccfg"></a>31. Services Configuration
 

From 68c9a286072a4b5ddc68d983ad9b1d3f3737c4ef Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 2 Jul 2021 11:24:57 +0100
Subject: [PATCH 57/61] Update
 manage-connections-from-windows-operating-system-components-to-microsoft-services.md

---
 ...ndows-operating-system-components-to-microsoft-services.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 50a249906b..d55e34120b 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -42,7 +42,7 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
 > - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
 > - During update or upgrade of Windows, egress traffic may occur.
 
-To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
+To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
 
 We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.
 
@@ -1293,7 +1293,7 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
 
 ### <a href="" id="bkmk-priv-feedback"></a>18.16 Feedback & diagnostics
 
-In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization).
+In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
 To change how frequently **Windows should ask for my feedback**:
 

From d03e2338d4aba5636a3ef3f09f08f432ae88e006 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan <siosulli@microsoft.com>
Date: Fri, 2 Jul 2021 11:41:19 +0100
Subject: [PATCH 58/61] Update policy-csp-system.md

---
 .../mdm/policy-csp-system.md                  | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 2a6aaac456..446f7de318 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -216,7 +216,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
 To enable this behavior, you must complete two steps:
 
@@ -264,7 +264,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 
-This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
 To enable this behavior, you must complete three steps:
 
@@ -303,7 +303,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -372,7 +372,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -428,7 +428,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -489,7 +489,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -564,7 +564,7 @@ To verify if System/AllowFontProviders is set to true:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -656,7 +656,7 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -712,7 +712,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -841,7 +841,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -867,7 +867,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms.
+This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
 To enable this behavior, you must complete three steps:
 
@@ -915,7 +915,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -964,7 +964,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 
-This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms. 
+This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
 
 To enable this behavior, you must complete three steps:
 
@@ -993,7 +993,7 @@ If you disable or do not configure this policy setting, devices enrolled to the
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1065,7 +1065,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1135,7 +1135,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1198,7 +1198,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1266,7 +1266,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1333,7 +1333,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1400,7 +1400,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1456,7 +1456,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1534,7 +1534,7 @@ To validate on Desktop, do the following:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" />  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1606,7 +1606,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1660,7 +1660,7 @@ The following list shows the supported values:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1730,7 +1730,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" />  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>
@@ -1788,7 +1788,7 @@ ADMX Info:
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup>  <sup>11</sup></td>
 </tr>
 <tr>
     <td>Enterprise</td>

From 1ca2ae82bbaad95d17957f9c9e3331a0aa0c8b56 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 2 Jul 2021 15:13:33 -0700
Subject: [PATCH 59/61] Applied proper "> [!NOTE]" style

---
 .../mdm/policy-csp-system.md                  | 29 ++++++++++++++-----
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 446f7de318..a16101aa46 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -774,12 +774,19 @@ In Windows 10, you can configure this policy setting to decide what level of dia
 
 The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets):
 
--   0 – **Off (Security)** This turns Windows diagnostic data off.
-    **Note**: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
--   1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
--   2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.  
-    **Note**:  **Enhanced** is no longer an option for Windows Holographic, version 21H1.
--   3 – **Optional (Full)** Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
+- 0 – **Off (Security)** This turns Windows diagnostic data off.
+
+      > [!NOTE]
+      > This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
+
+- 1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
+
+- 2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
+
+      > [!NOTE]
+      > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
+
+- 3 – **Optional (Full)** Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.
 
 Most restrictive value is 0.
 
@@ -1689,9 +1696,15 @@ This policy setting, in combination with the Allow Telemetry policy setting, ena
  
 To enable this behavior, you must complete two steps:
 
- 1. Enable this policy setting
+ 1. Enable this policy setting.
+
  2. Set the **AllowTelemetry** level:
-    - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. (**Note**: **Enhanced** is no longer an option for Windows Holographic, version 21H1)
+
+    - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. 
+
+      > [!NOTE]
+      > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
+
     - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full)
 
  

From 510f2a2891edb668452b6be08ac22866b997e30a Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 2 Jul 2021 17:05:34 -0700
Subject: [PATCH 60/61] Adjusted placement of some notes

---
 ...system-components-to-microsoft-services.md | 35 +++++++++----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index d55e34120b..aad2616468 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -634,9 +634,8 @@ You can turn off NCSI by doing one of the following:
 
 - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off Windows Network Connectivity Status Indicator active tests**
 
-
-> [!NOTE]
-> After you apply this policy, you must restart the device for the policy setting to take effect.
+  > [!NOTE]
+  > After you apply this policy, you must restart the device for the policy setting to take effect.
 
 -or-
 
@@ -692,8 +691,9 @@ To remove the News app:
 - Right-click the app in Start, and then click **Uninstall**.
 
   -or-
-> [!IMPORTANT]
-> If you have any issues with these commands, restart the system and try the scripts again.
+
+  > [!IMPORTANT]
+  > If you have any issues with the following commands, restart the system and try the scripts again.
 
 - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
 
@@ -863,11 +863,11 @@ Use Settings &gt; Privacy to configure some settings that may be important to yo
 
 To turn off **Let apps use advertising ID to make ads more interesting to you based on your app usage (turning this off will reset your ID)**:
 
-> [!NOTE]
-> When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
-
 - Turn off the feature in the UI.
 
+  > [!NOTE]
+  > When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
+
   -or-
 
 - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
@@ -900,11 +900,11 @@ To turn off **Let Windows track app launches to improve Start and search results
 
 To turn off **Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)**:
 
-> [!NOTE]
-> When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
-
 - Turn off the feature in the UI.
 
+  > [!NOTE]
+  > When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
+
   -or-
 
 - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
@@ -1295,11 +1295,10 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
 
 In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
-To change how frequently **Windows should ask for my feedback**:
-
 > [!NOTE]
 > Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device.
 
+To change how frequently **Windows should ask for my feedback**:
 
 - To change from **Automatically (Recommended)**, use the drop-down list in the UI.
 
@@ -1579,11 +1578,11 @@ You can control if your settings are synchronized:
 
 To turn off Messaging cloud sync:
 
-> [!NOTE]
-> There is no Group Policy corresponding to this registry key.
-
 - Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**.
 
+  > [!NOTE]
+  > There is no Group Policy corresponding to this registry key.
+
 ### <a href="" id="bkmk-teredo"></a>22. Teredo
 
 You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](/previous-versions/windows/it-pro/windows-vista/cc722030(v=ws.10)).
@@ -1674,8 +1673,8 @@ You can turn off **Malicious Software Reporting Tool (MSRT) diagnostic data**:
 
 - Set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to **1**.
 
-> [!NOTE]
-> There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data.
+  > [!NOTE]
+  > There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data.
 
 
 You can turn off **Enhanced Notifications** as follows:

From 3c5c4e12aeb8282e8ec4500bcb3e9aca6d69dbd1 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 2 Jul 2021 17:13:46 -0700
Subject: [PATCH 61/61] Removed extra indentation of notes

---
 windows/client-management/mdm/policy-csp-system.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index a16101aa46..f199fbc4c1 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -776,15 +776,15 @@ The following list shows the supported values for Windows 10 version 1809 and ol
 
 - 0 – **Off (Security)** This turns Windows diagnostic data off.
 
-      > [!NOTE]
-      > This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
+    > [!NOTE]
+    > This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1.
 
 - 1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date.
 
 - 2 – (**Enhanced**) Sends the same data as a value of 1, plus additional insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps.
 
-      > [!NOTE]
-      > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
+    > [!NOTE]
+    > **Enhanced** is no longer an option for Windows Holographic, version 21H1.
 
 - 3 – **Optional (Full)** Sends the same data as a value of 2, plus additional data necessary to identify and fix problems with devices such as enhanced error logs.