From 3dbff05a43dd01b8c6b22de3fda7dc12a636feb1 Mon Sep 17 00:00:00 2001 From: mahi-choudhary <146124087+mahi-choudhary@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:10:32 -0700 Subject: [PATCH 1/7] Update appcontrol.md excluding the Smart App Control Enforced Blocks as these were originally blocked by SAC, but some are removed due to app compat issues --- .../app-control-for-business/appcontrol.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md index 561da483b6e..222af152726 100644 --- a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md @@ -43,15 +43,6 @@ Smart App Control is only available on clean installation of Windows 11 version > [!IMPORTANT] > Once you turn Smart App Control off, it can't be turned on without resetting or reinstalling Windows. -### Smart App Control Enforced Blocks - -Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-appcontrol.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control: - -- Infdefaultinstall.exe -- Microsoft.Build.dll -- Microsoft.Build.Framework.dll -- Wslhost.dll - [!INCLUDE [windows-defender-application-control-wdac](../../../../../includes/licensing/windows-defender-application-control-wdac.md)] ## Related articles From 17859b50a12d2a6a3a738b306d15bd3022a199f6 Mon Sep 17 00:00:00 2001 
From: "Chris J. Lin" <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 31 Oct 2024 15:55:35 -0700 Subject: [PATCH 2/7] Update mcc-ent-prerequisites.md Add in trusted launch callout (not sure why it didn't stay in from last PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/10322) --- windows/deployment/do/mcc-ent-prerequisites.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md index 3252fa77cb5..e32c143f2ff 100644 --- a/windows/deployment/do/mcc-ent-prerequisites.md +++ b/windows/deployment/do/mcc-ent-prerequisites.md 
@@ -44,14 +44,12 @@ This article details the requirements and recommended specifications for using M - The Windows host machine must be using Windows 11 or Windows Server 2022 with the latest cumulative update applied. - Windows 11 must have [OS Build 22631.3296](https://support.microsoft.com/topic/march-12-2024-kb5035853-os-builds-22621-3296-and-22631-3296-a69ac07f-e893-4d16-bbe1-554b7d9dd39b) or later - Windows Server 2022 must have [OS Build 20348.2227](https://support.microsoft.com/topic/january-9-2024-kb5034129-os-build-20348-2227-6958a36f-efaf-4ef5-a576-c5931072a89a) or later - -- The Windows host machine must support nested virtualization. +- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-portal?tabs=portal%2Cportal3%2Cportal2). - The Windows host machine must have [WSL 2 installed](/windows/wsl/install#install-wsl-command). You can install this on Windows 11 and Windows Server 2022 by running the PowerShell command `wsl.exe --install --no-distribution`. ### Additional requirements for Linux host machines - The Linux host machine must be using one of the following operating systems: - - Ubuntu 22.04 - Red Hat Enterprise Linux (RHEL) 8.* or 9.* - If using RHEL, the default container engine (Podman) must be replaced with [Moby](https://github.com/moby/moby#readme) From cdf6c43a043a5a5b7b14759d529727c8ff693a6c Mon Sep 17 00:00:00 2001 From: "Chris J. Lin" <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 31 Oct 2024 16:01:11 -0700 Subject: [PATCH 3/7] Update mcc-ent-prerequisites.md Fixing link to Trusted Launch docs --- windows/deployment/do/mcc-ent-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md index e32c143f2ff..1793f5be78a 100644 --- a/windows/deployment/do/mcc-ent-prerequisites.md +++ b/windows/deployment/do/mcc-ent-prerequisites.md @@ -44,7 +44,7 @@ This article details the requirements and recommended specifications for using M - The Windows host machine must be using Windows 11 or Windows Server 2022 with the latest cumulative update applied. - Windows 11 must have [OS Build 22631.3296](https://support.microsoft.com/topic/march-12-2024-kb5035853-os-builds-22621-3296-and-22631-3296-a69ac07f-e893-4d16-bbe1-554b7d9dd39b) or later - Windows Server 2022 must have [OS Build 20348.2227](https://support.microsoft.com/topic/january-9-2024-kb5034129-os-build-20348-2227-6958a36f-efaf-4ef5-a576-c5931072a89a) or later -- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-portal?tabs=portal%2Cportal3%2Cportal2). +- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](https://learn.microsoft.com/azure/virtual-machines/trusted-launch-portal). - The Windows host machine must have [WSL 2 installed](/windows/wsl/install#install-wsl-command). You can install this on Windows 11 and Windows Server 2022 by running the PowerShell command `wsl.exe --install --no-distribution`. ### Additional requirements for Linux host machines From f436b65fe3acd995cca9f58f76540e3350c769cd Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 31 Oct 2024 16:17:57 -0700 Subject: [PATCH 4/7] fix link --- windows/deployment/do/mcc-ent-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md index 1793f5be78a..ff48d18c87a 100644 --- a/windows/deployment/do/mcc-ent-prerequisites.md +++ b/windows/deployment/do/mcc-ent-prerequisites.md @@ -44,7 +44,7 @@ This article details the requirements and recommended specifications for using M - The Windows host machine must be using Windows 11 or Windows Server 2022 with the latest cumulative update applied. - Windows 11 must have [OS Build 22631.3296](https://support.microsoft.com/topic/march-12-2024-kb5035853-os-builds-22621-3296-and-22631-3296-a69ac07f-e893-4d16-bbe1-554b7d9dd39b) or later - Windows Server 2022 must have [OS Build 20348.2227](https://support.microsoft.com/topic/january-9-2024-kb5034129-os-build-20348-2227-6958a36f-efaf-4ef5-a576-c5931072a89a) or later -- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](https://learn.microsoft.com/azure/virtual-machines/trusted-launch-portal). +- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](/azure/virtual-machines/trusted-launch-portal). - The Windows host machine must have [WSL 2 installed](/windows/wsl/install#install-wsl-command). You can install this on Windows 11 and Windows Server 2022 by running the PowerShell command `wsl.exe --install --no-distribution`. ### Additional requirements for Linux host machines From df133b25fa8ff1d7675a9f03250d44d49b9f1224 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 31 Oct 2024 17:26:21 -0700 Subject: [PATCH 5/7] fix links --- windows/deployment/customize-boot-image.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md index 31420e8890f..e473fdf8241 100644 --- a/windows/deployment/customize-boot-image.md +++ b/windows/deployment/customize-boot-image.md 
@@ -23,7 +23,7 @@ appliesto: The Windows PE (WinPE) boot images that are included with the Windows ADK have a minimal number of features and drivers. However the boot images can be customized by adding drivers, optional components, and applying the latest cumulative update. -Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). +Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). > [!TIP] 
> @@ -332,7 +332,7 @@ The cumulative update installed later in this walkthrough doesn't affect drivers **Example**: ```powershell - Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose + Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose ``` These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths accordingly. 
@@ -668,7 +668,7 @@ For more information, see [copy](/windows-server/administration/windows-commands This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr boot files are available to the Windows ADK when creating bootable media via the Windows ADK. When these files are updated in the Windows ADK, products that use the Windows ADK to create bootable media, such as **Microsoft Deployment Toolkit (MDT)**, also have access to the updated bootmgr boot files. -In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). +In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). > [!TIP] > @@ -839,7 +839,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag --- 1. Once the export has completed: - + 1. Delete the original updated boot image: ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell) 
@@ -1295,4 +1295,4 @@ For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products - [Create bootable Windows PE media: Update the Windows PE add-on for the Windows ADK](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#update-the-windows-pe-add-on-for-the-windows-adk) - [Update Windows installation media with Dynamic Update: Update WinPE](/windows/deployment/update/media-dynamic-update#update-winpe) -- [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932: Updating bootable media](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d?preview=true#updatebootable5025885) +- [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932: Updating bootable media](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) From decb639ece8626e8bdb6ab956aba3867ce2aa9a5 Mon Sep 17 00:00:00 2001 From: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Date: Fri, 1 Nov 2024 11:23:55 -0400 Subject: [PATCH 6/7] pencil edits --- windows/deployment/customize-boot-image.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md index e473fdf8241..858a5e63bfe 100644 --- a/windows/deployment/customize-boot-image.md +++ b/windows/deployment/customize-boot-image.md 
@@ -1,6 +1,6 @@ --- title: Customize Windows PE boot images -description: This article describes how to customize a Windows PE (WinPE) boot image including updating it with the latest cumulative update, adding drivers, and adding optional components. +description: This article describes how to customize a Windows PE (WinPE) boot image, including updating it with the latest cumulative update, adding drivers, and adding optional components. ms.service: windows-client ms.localizationpriority: medium author: frankroj @@ -29,7 +29,7 @@ Microsoft recommends updating Windows PE boot images with the latest cumulative > > The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability. -This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). +This walkthrough describes how to customize a Windows PE boot image, including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). ## Prerequisites From 8b51cf49e5e226f5cfbdcb5e1813928d7926f646 Mon Sep 17 00:00:00 2001 
From: Nidhi Doshi <77081571+doshnid@users.noreply.github.com> Date: Fri, 1 Nov 2024 10:16:15 -0700 Subject: [PATCH 7/7] fixing typo mcc-ent-edu-overview.md --- windows/deployment/do/mcc-ent-edu-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md index 70acb8886c0..125aed12f4b 100644 --- a/windows/deployment/do/mcc-ent-edu-overview.md +++ b/windows/deployment/do/mcc-ent-edu-overview.md @@ -65,7 +65,7 @@ See [Connected Cache node host machine requirements](mcc-ent-prerequisites.md) f |---|---|---| |Branch office|< 1 Gbps Peak| 500 Mbps => 1,800 GB

250 Mbps => 900 GB

100 Mbps => 360 GB

50 Mbps => 180 GB| |Small to medium enterprises/Autopilot provisioning center (50 - 500 devices in a single location) |1 - 5 Gbps| 5 Gbps => 18,000 GB

3 Gbps => 10,800 GB

1 Gbps => 3,600 GB| -|Medium to large enterprises/Autopilot provisioning center (500 - 5,000 devices in a single location) |5 - 101 Gbps Peak| 9 Gbps => 32,400 GB

5 Gbps => 18,000 GB

3 Gbps => 10,800 GB| +|Medium to large enterprises/Autopilot provisioning center (500 - 5,000 devices in a single location) |5 - 10 Gbps Peak| 9 Gbps => 32,400 GB

5 Gbps => 18,000 GB

3 Gbps => 10,800 GB| ## Supported content types
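Review bot: In PATCH 1/7 (appcontrol.md, hunk `@@ -43,15 +43,6 @@`), deleting the whole "Smart App Control Enforced Blocks" section also removes the only statement that Smart App Control enforces the Microsoft Recommended Driver Block rules and the Microsoft Recommended Block Rules, while the commit message only says the four-item exception list is out of date ("some are removed due to app compat issues"). If that first sentence is still accurate, keep it with its links to design/microsoft-recommended-driver-block-rules.md and design/applications-that-can-bypass-appcontrol.md and drop only the list; if SAC no longer enforces the full lists, say so explicitly, because readers deciding whether SAC already covers those block rules will otherwise assume nothing changed.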
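Review bot: In PATCH 2/7 (mcc-ent-prerequisites.md, hunk `@@ -44,14 +44,12 @@`), the added link is an absolute, locale-pinned URL with a `?tabs=` query (`https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch-portal?tabs=portal%2Cportal3%2Cportal2`) while the WSL link in the same hunk is site-relative (`/windows/wsl/install#install-wsl-command`); use `/azure/virtual-machines/trusted-launch-portal` so localization and redirects behave the same for both. The new sentence also tells readers to disable something it calls a security setting without stating what protection is given up; a short clause on the trade-off, so a host with Trusted launch turned off is placed and monitored as the less-protected machine it now is, would help the reader decide. Finally, the hunk strips two blank lines unrelated to the commit message (before the nested virtualization bullet and before the Ubuntu sub-bullet), which turns a loose Markdown list into a tight one and changes rendering; leave those out of this change or note them.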
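Review bot: In PATCH 3/7 (mcc-ent-prerequisites.md, hunk `@@ -44,7 +44,7 @@`), the replacement URL still hard-codes the host (`https://learn.microsoft.com/azure/virtual-machines/trusted-launch-portal`) whereas the WSL link two lines below is site-relative (`/windows/wsl/install#install-wsl-command`); the site-relative form `/azure/virtual-machines/trusted-launch-portal` matches the file's convention and is what PATCH 4/7 applies anyway, so the two commits could be squashed into one.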
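Review bot: In PATCH 5/7 (customize-boot-image.md, hunk `@@ -332,7 +332,7 @@`), the `-` and `+` lines for `Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\...\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose` read identically, so this is a whitespace-only edit inside a ```powershell fence. Whitespace in a fenced block is rendered verbatim, so confirm that only trailing whitespace was removed and that the sample's indentation still matches the other examples, and either mention the cleanup in the "fix links" commit message or move it to the later "pencil edits" commit.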
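Review bot: In PATCH 5/7 (customize-boot-image.md, hunk `@@ -1295,4 +1295,4 @@`), the new URL drops not only `?preview=true` but also the `#updatebootable5025885` fragment, while the link text still promises the "Updating bootable media" section of KB5025885; readers now land at the top of a long article. Keep the fragment on the non-preview URL, i.e. `https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#updatebootable5025885` (after checking the anchor exists on the published page), or shorten the link text to the article title.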
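Review bot: In PATCH 6/7 (customize-boot-image.md, hunk `@@ -29,7 +29,7 @@`), the added comma in "boot image, including updating" is fine, but the next sentence on the same `+` line still reads "Additionally this walkthrough goes over"; since this is a punctuation pass, add the comma after "Additionally" in the same change.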
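Review bot: In PATCH 7/7 (mcc-ent-edu-overview.md, hunk `@@ -65,7 +65,7 @@`), the fix from "5 - 101 Gbps Peak" to "5 - 10 Gbps Peak" is correct and the cache-size column stays consistent (3,600 GB per Gbps in every row). While in this table, the middle row's bandwidth cell reads "1 - 5 Gbps" without "Peak" although the rows above and below say "< 1 Gbps Peak" and "5 - 10 Gbps Peak"; align that cell so the column uses one wording.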