Commit

Merge branch 'public' into cgerke-autopilot-conflicts
cgerke authored Sep 9, 2024
2 parents 97c5a72 + e44c2bc commit d80d46c
Showing 28 changed files with 63 additions and 65 deletions.
4 changes: 2 additions & 2 deletions education/windows/edu-take-a-test-kiosk-mode.md
@@ -1,7 +1,7 @@
---
title: Configure Take a Test in kiosk mode
description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
ms.date: 11/08/2023
ms.date: 09/06/2024
ms.topic: how-to
---

@@ -26,7 +26,7 @@ The other options allow you to configure Take a Test in kiosk mode using a local
Follow the instructions below to configure your devices, selecting the option that best suits your needs.

# [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
# [:::image type="icon" source="images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)

You can use Intune for Education or a custom profile in Microsoft Intune:

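Review bot: the tab label on the new line now promises "Intune/CSP", but the unchanged intro sentence right under it ("You can use Intune for Education or a custom profile in Microsoft Intune:") still describes only the Intune route, so the label advertises a CSP path the tab text does not introduce; either add a clause that points at the CSP/OMA-URI option in that sentence, or keep the label as "Intune" until the CSP content is in the tab. The `#tab/intune` anchor is unchanged, which is fine for existing deep links.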
6 changes: 3 additions & 3 deletions education/windows/take-a-test-app-technical.md
@@ -1,7 +1,7 @@
---
title: Take a Test app technical reference
description: List of policies and settings applied by the Take a Test app.
ms.date: 11/02/2023
ms.date: 09/06/2024
ms.topic: reference
---

@@ -15,7 +15,7 @@ Assessment vendors can use Take a Test as a platform to lock down the operating

## PC lock-down for assessment

When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.
When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.

When running above the lock screen:

@@ -64,7 +64,7 @@ When Take a Test is running, the following functionality is available to student
- Assistive technology that might be running
- Lock screen (not available if student is using a dedicated test account)

> [!NOTE]
> [!NOTE]
> The app will exit if the student signs in to an account from the lock screen.
> Progress made in the test may be lost or invalidated.
- The student can exit the test by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd>
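Review bot: the `> [!NOTE]` callout sits at column 0 between the "Lock screen" bullet and the "The student can exit the test" bullet, so a CommonMark parser closes the list at the blockquote and starts a new list at the next `-` line; since the callout line is being touched for whitespace anyway, indent the whole callout under the "Lock screen" item (two spaces in front of each `>` line) or move it after the list so the bullets stay one list.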
Original file line number Diff line number Diff line change
@@ -127,5 +127,4 @@ Depending on your configuration, you can have a user to automatically sign in to
<!--links-->

[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[MEM-2]: /mem/intune/fundamentals/licenses#device-only-licenses
[WIN-3]: /windows/client-management/mdm/assignedaccess-csp
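Review bot: removing the `[MEM-2]: /mem/intune/fundamentals/licenses#device-only-licenses` definition leaves any remaining `[...][MEM-2]` use in the body as literal bracket text rather than a link, and the surrounding context (auto sign-in, device-only licensing) is exactly where such a reference would live; please confirm the article no longer references `MEM-2` before dropping the definition, or keep the definition if it is still used.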
6 changes: 2 additions & 4 deletions windows/configuration/shared-pc/set-up-shared-or-guest-pc.md
@@ -1,7 +1,7 @@
---
title: Configure a shared or guest Windows device
description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios.
ms.date: 11/08/2023
ms.date: 09/06/2024
ms.topic: how-to
---

@@ -25,9 +25,7 @@ Shared PC can be configured using the following methods:

Follow the instructions below to configure your devices, selecting the option that best suits your needs.

#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)


#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)

To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**:

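Review bot: the tab heading here uses `####` while the same Intune/CSP tab construct in education/windows/edu-take-a-test-kiosk-mode.md (changed in this same commit) uses `#`; pick one heading level for the tab zone pattern across both files so the rendered tab strips match. Removing the two stray blank lines above the heading is a good cleanup.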
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
---
ms.date: 11/07/2023
ms.date: 09/06/2024
title: Access Control overview
description: Learn about access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
ms.topic: overview
appliesto:
appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
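Review bot: the `appliesto` entries use unquoted HTML attribute values (`href=https://... target=_blank`), while the Hyper-V firewall article in this same commit quotes them (`href="..." target="_blank"`); since the `appliesto:` line is already being touched for trailing whitespace, quote the attributes on the three `<a>` lines too so the front matter is consistent and robust to any URL that later contains characters such as `?` or `&`.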
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
---
ms.date: 11/07/2023
ms.date: 09/06/2024
title: Local Accounts
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
ms.topic: concept-article
appliesto:
appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
@@ -37,7 +37,7 @@ The default Administrator account can't be deleted or locked out, but it can be

Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group.

Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.
Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.

#### Account group membership

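Review bot: the changed line only strips trailing whitespace but still reads "Members of the Administrators groups can run apps"; since the line is touched anyway, fix the number agreement to "Members of the Administrators group can run apps". The second sentence ("Fast User Switching is more secure than using `runas` or different-user elevation.") follows with no connective; a short lead such as "For interactive administration, ..." would make the recommendation read as the point of the paragraph.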
@@ -219,7 +219,7 @@ The following table shows the Group Policy and registry settings that are used t
||Registry value data|0|

> [!NOTE]
> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates.
> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates.
#### To enforce local account restrictions for remote access

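Review bot: the `> You can also enforce the default for LocalAccountTokenFilterPolicy ...` callout is followed directly by the `#### To enforce local account restrictions for remote access` heading with no blank line between them; add a blank line after the callout so the blockquote is closed before the heading and the NOTE box renders on its own.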
2 changes: 1 addition & 1 deletion windows/security/identity-protection/passkeys/index.md
@@ -4,7 +4,7 @@ description: Learn about passkeys and how to use them on Windows devices.
ms.collection:
- tier1
ms.topic: overview
ms.date: 11/07/2023
ms.date: 09/06/2024
appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Deploy Virtual Smart Cards
description: Learn about what to consider when deploying a virtual smart card authentication solution
ms.topic: concept-article
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Deploy Virtual Smart Cards
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Evaluate Virtual Smart Card Security
description: Learn about the security characteristics and considerations when deploying TPM virtual smart cards.
ms.topic: concept-article
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Evaluate Virtual Smart Card Security
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title: Get Started with Virtual Smart Cards - Walkthrough Guide
title: Get Started with Virtual Smart Cards - Walkthrough Guide
description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
ms.topic: get-started
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Get Started with Virtual Smart Cards: Walkthrough Guide
@@ -79,10 +79,11 @@ In this step, you create the virtual smart card on the client computer by using

`tpmvscmgr.exe create /name TestVSC /pin default /adminkey random /generate`

This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**.\
For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md).
This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678.

1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card.
1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**.

For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md).

## Step 3: Enroll for the certificate on the TPM Virtual Smart Card

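Review bot: the sentence "To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**." has been moved into the "Wait several seconds for the process to finish" step, but it describes an option of the `tpmvscmgr.exe create` command in the previous step, not of waiting for completion; keep it with the paragraph that explains the create command (the line beginning "This creates a virtual smart card with the name **TestVSC**"). While that line is being edited, fix its parallelism: "This creates a virtual smart card with the name **TestVSC**, omits the unlock key, and generates the file system on the card." Moving the "For more information about the Tpmvscmgr command-line tool" sentence out of the step into its own paragraph is a good change.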
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Virtual Smart Card Overview
description: Learn about virtual smart card technology for Windows.
ms.topic: overview
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Virtual Smart Card Overview
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Tpmvscmgr
description: Learn about the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
ms.topic: reference
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Tpmvscmgr
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Understanding and Evaluating Virtual Smart Cards
description: Learn how smart card technology can fit into your authentication design.
ms.topic: overview
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Understand and Evaluate Virtual Smart Cards
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Use Virtual Smart Cards
description: Learn about the requirements for virtual smart cards, how to use and manage them.
ms.topic: concept-article
ms.date: 11/06/2023
ms.date: 09/06/2024
---

# Use Virtual Smart Cards
Original file line number Diff line number Diff line change
@@ -65,7 +65,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
| Name | Details | Security Tools |
|--|--|--|
| Microsoft 365 Apps for enterprise, version 2306 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Microsoft Edge, version 117 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Microsoft Edge, version 128 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-128/ba-p/4237524) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |

## Related articles

Original file line number Diff line number Diff line change
@@ -35,7 +35,7 @@ The Security Compliance Toolkit consists of:
- Office 2016
- Microsoft 365 Apps for Enterprise Version 2206
- Microsoft Edge security baseline
- Microsoft Edge version 114
- Microsoft Edge version 128
- Tools
- Policy Analyzer
- Local Group Policy Object (LGPO)
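Review bot: the Edge entry is updated to version 128, matching the baseline table in the other file changed in this commit, but the line just above it still lists "Microsoft 365 Apps for Enterprise Version 2206" while that table lists "Microsoft 365 Apps for enterprise, version 2306"; if 2306 is the current baseline, update this list item in the same commit so the two pages do not disagree about which baseline ships in the toolkit.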
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title: Configure Windows Firewall logging
title: Configure Windows Firewall logging
description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Configure Windows Firewall logging
@@ -137,7 +137,7 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and

```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$NewAcl = Get-Acl -Path $LogPath
$NewAcl = Get-Acl -Path $LogPath
$identity = "NT SERVICE\mpssvc"
$fileSystemRights = "FullControl"
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Manage Windows Firewall with the command line
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Manage Windows Firewall with the command line
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Configure firewall rules with group policy
description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Configure rules with group policy
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Windows Firewall dynamic keywords
description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
ms.topic: how-to
ms.date: 01/16/2024
ms.date: 09/06/2024
---

# Windows Firewall dynamic keywords
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Filter origin audit log
description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops.
ms.topic: troubleshooting
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Filter origin audit log
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title: Hyper-V firewall
title: Hyper-V firewall
description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP).
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
---
@@ -21,18 +21,18 @@ This section describes the steps to manage Hyper-V firewall using PowerShell.

### Obtain the WSL GUID

Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:

```powershell
Get-NetFirewallHyperVVMCreator
Get-NetFirewallHyperVVMCreator
```

The output contains a VmCreator object type, which has unique identifier `VMCreatorId` and `friendly name` properties. For example, the following output shows the properties of WSL:

```powershell
PS C:\> Get-NetFirewallHyperVVMCreator
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL
```

> [!NOTE]
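Review bot: the second fenced block (the `PS C:\> Get-NetFirewallHyperVVMCreator` lines with the `VMCreatorId` / `FriendlyName` output) is sample console output, not a script, yet it is fenced as `powershell` like the cmdlet above it; since those lines are being touched for whitespace, fence them as `output` (or another non-language fence) so the copy button does not hand readers a prompt and output to paste. The WSL VMCreatorId shown is consistent with the value used in the later examples.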
@@ -63,7 +63,7 @@ The output contains the following values:
To configure Hyper-V firewall, use the [Set-NetFirewallHyperVVMSetting][PS-2] command. For example, the following command sets the default inbound connection to *Allow*:

```powershell
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
```

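Review bot: the example `Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow` sets the WSL VM's default inbound action to Allow, which is the permissive value; the surrounding prose presents it only as "for example", so add a clause stating that Allow is shown to illustrate the syntax and that Block is the restrictive default for the inbound direction, otherwise a reader copying the line opens all inbound traffic to the VM without being told so.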
### Firewall Rules
@@ -76,10 +76,10 @@ Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'

To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet.

For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:

```powershell
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
```

### Target Hyper-V firewall rules and settings to specific profiles
@@ -95,7 +95,7 @@ The policy options are similar to the ones already described, but are applied to
To view the settings per profile, use the following command:

```powershell
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
```

> [!NOTE]
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title: Windows Firewall overview
title: Windows Firewall overview
description: Learn overview information about the Windows Firewall security feature.
ms.topic: overview
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Windows Firewall overview
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@
title: Quarantine behavior
description: Learn about Windows Firewall and the quarantine feature behavior.
ms.topic: concept-article
ms.date: 11/21/2023
ms.date: 09/06/2024
---

# Quarantine behavior
@@ -77,7 +77,7 @@ Inside the wfpdiag.xml, search for `netEvents` that have `FWPM_NET_EVENT_TYPE_CL
The characters in the application ID name are separated by periods:

```XML
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
```

The `netEvent` contains more information about the dropped packet, including information about its capabilities, the filter that dropped the packet, and much more.
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Windows Firewall rules
description: Learn about Windows Firewall rules and design recommendations.
ms.date: 11/21/2023
ms.date: 09/06/2024
ms.topic: concept-article
---

Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Windows Firewall tools
description: Learn about the available tools to configure Windows Firewall and firewall rules.
ms.date: 11/20/2023
ms.date: 09/06/2024
ms.topic: best-practice
---

0 comments on commit d80d46c