Merge branch 'public' into patch-1

.acrolinx-config.edn

@@ -39,7 +39,7 @@ For more information about the exception criteria and exception process, see [Mi
  
 Select the total score link to review all feedback on clarity, consistency, tone, brand, terms, spelling, grammar, readability, and inclusive language. _You should fix all spelling errors regardless of your total score_. Fixing spelling errors helps maintain customer trust in overall content quality.
 
-| Article | Total score<br>(Required: 80) | Words + phrases<br>(Brand, terms) | Correctness<br>(Spelling, grammar) | Clarity<br>(Readability) |
+| Article | Total score<br>(Required: 80) | Terminology | Spelling and Grammar| Clarity<br>(Readability) |
 |---------|:--------------:|:--------------------:|:------:|:---------:|
 "
 

.github/workflows/BuildValidation.yml

@@ -0,0 +1,21 @@
+name: PR has no warnings or errors
+
+permissions:
+  pull-requests: write
+  statuses: write
+
+on: 
+  issue_comment:
+    types: [created]
+
+jobs:
+
+  build-status:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-BuildValidation.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+
+

.openpublishing.redirection.windows-security.json

@@ -5,6 +5,11 @@
       "redirect_url": "/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md",
       "redirect_url": "/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity",

README.md

@@ -6,7 +6,7 @@ Anyone who is interested can contribute to the topics. When you contribute, your
 
 ### Quickly update an article using github.com
 
-Contributors who only make infrequent or small updates can edit the file directly on github.com without having to install any additional software. This article shows you how. [This two-minute video](https://www.microsoft.com/videoplayer/embed/RE1XQTG) also covers how to contribute.
+Contributors who only make infrequent or small updates can edit the file directly on github.com without having to install any additional software. This article shows you how. [This two-minute video](https://learn-video.azurefd.net/vod/player?id=b5167c5a-9c69-499b-99ac-e5467882bc92) also covers how to contribute.
 
 1. Make sure you're signed in to github.com with your GitHub account.
 2. Browse to the page you want to edit on Microsoft Learn.

education/windows/federated-sign-in.md

@@ -1,7 +1,7 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Learn how federated sign-in in Windows works and how to configure it.
-ms.date: 06/03/2024
+ms.date: 01/27/2025
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>

education/windows/tutorial-deploy-apps-winse/create-policies.md

@@ -54,7 +54,7 @@ To create supplemental policies, download and install the [WDAC Policy Wizard][E
 
 The following video provides an overview and explains how to create supplemental policies for apps blocked by the Windows 11 SE base policy.
 
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWWReO]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=1eedb284-5592-43e7-9446-ce178953502d]
 
 ### Create a supplemental policy for Win32 apps
 

includes/iot/supported-os-enterprise-plus.md

@@ -0,0 +1,8 @@
+---
+author: TerryWarwick
+ms.author: twarwick
+ms-topic: include
+ms.date: 09/30/2024
+---
+
+**Supported Editions** </br> ✅ IoT Enterprise LTSC</br>✅ IoT Enterprise</br>✅ Enterprise LTSC</br>✅ Enterprise</br>✅ Education

windows/client-management/mdm/bitlocker-csp.md

@@ -551,6 +551,10 @@ The possible values for 'zz' are:
 
 - 1 = Store recovery passwords and key packages
 - 2 = Store recovery passwords only
+
+For Microsoft Entra hybrid joined devices, the BitLocker recovery password is backed up to both Active Directory and Entra ID.
+
+For Microsoft Entra joined devices, the BitLocker recovery password is backed up to Entra ID.
 <!-- Device-FixedDrivesRecoveryOptions-Editable-End -->
 
 <!-- Device-FixedDrivesRecoveryOptions-DFProperties-Begin -->
@@ -2092,6 +2096,10 @@ The possible values for 'zz' are:
 
 - 1 = Store recovery passwords and key packages.
 - 2 = Store recovery passwords only.
+
+For Microsoft Entra hybrid joined devices, the BitLocker recovery password is backed up to both Active Directory and Entra ID.
+
+For Microsoft Entra joined devices, the BitLocker recovery password is backed up to Entra ID.
 <!-- Device-SystemDrivesRecoveryOptions-Editable-End -->
 
 <!-- Device-SystemDrivesRecoveryOptions-DFProperties-Begin -->

windows/client-management/mdm/healthattestation-csp.md

@@ -1,7 +1,7 @@
 ---
 title: HealthAttestation CSP
 description: Learn more about the HealthAttestation CSP.
-ms.date: 01/31/2024
+ms.date: 01/14/2025
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -51,7 +51,7 @@ The following list shows the HealthAttestation configuration service provider no
 <!-- Device-AttestErrorMessage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5046732](https://support.microsoft.com/help/5046732) [10.0.22621.4541] and later <br> ✅ Windows 11, version 24H2 with [KB5046617](https://support.microsoft.com/help/5046617) [10.0.26100.2314] and later <br> ✅ Windows Insider Preview |
 <!-- Device-AttestErrorMessage-Applicability-End -->
 
 <!-- Device-AttestErrorMessage-OmaUri-Begin -->

windows/client-management/mdm/healthattestation-ddf.md

@@ -1,7 +1,7 @@
 ---
 title: HealthAttestation DDF file
 description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.date: 06/28/2024
+ms.date: 01/14/2025
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -436,7 +436,7 @@ The following XML file contains the device description framework (DDF) for the H
           <MIME />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>99.9.99999, 10.0.26100.2314, 10.0.22621.4541</MSFT:OsBuildVersion>
           <MSFT:CspVersion>1.4</MSFT:CspVersion>
         </MSFT:Applicability>
       </DFProperties>

windows/client-management/mdm/policies-in-preview.md

@@ -1,7 +1,7 @@
 ---
 title: Configuration service provider preview policies
 description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 11/27/2024
+ms.date: 01/14/2025
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -31,6 +31,7 @@ This article lists the policies that are applicable for Windows Insider Preview
 
 ## Connectivity
 
+- [DisableCrossDeviceResume](policy-csp-connectivity.md#disablecrossdeviceresume)
 - [UseCellularWhenWiFiPoor](policy-csp-connectivity.md#usecellularwhenwifipoor)
 - [DisableCellularSettingsPage](policy-csp-connectivity.md#disablecellularsettingspage)
 - [DisableCellularOperatorSettingsPage](policy-csp-connectivity.md#disablecellularoperatorsettingspage)
@@ -46,6 +47,10 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn)
 - [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords)
 
+## DeviceGuard
+
+- [MachineIdentityIsolation](policy-csp-deviceguard.md#machineidentityisolation)
+
 ## DevicePreparation CSP
 
 - [PageEnabled](devicepreparation-csp.md#pageenabled)
@@ -80,6 +85,12 @@ This article lists the policies that are applicable for Windows Insider Preview
 
 - [AttestErrorMessage](healthattestation-csp.md#attesterrormessage)
 
+## HumanPresence
+
+- [ForcePrivacyScreen](policy-csp-humanpresence.md#forceprivacyscreen)
+- [ForcePrivacyScreenDim](policy-csp-humanpresence.md#forceprivacyscreendim)
+- [ForcePrivacyScreenNotification](policy-csp-humanpresence.md#forceprivacyscreennotification)
+
 ## InternetExplorer
 
 - [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields)
@@ -115,6 +126,10 @@ This article lists the policies that are applicable for Windows Insider Preview
 
 - [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning)
 
+## Printers
+
+- [ConfigureIppTlsCertificatePolicy](policy-csp-printers.md#configureipptlscertificatepolicy)
+
 ## Reboot CSP
 
 - [WeeklyRecurrent](reboot-csp.md#scheduleweeklyrecurrent)

windows/client-management/mdm/policy-csp-connectivity.md

@@ -1,7 +1,7 @@
 ---
 title: Connectivity Policy CSP
 description: Learn more about the Connectivity Area in Policy CSP.
-ms.date: 11/05/2024
+ms.date: 01/14/2025
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -684,6 +684,61 @@ This policy makes all configurable settings in the 'Cellular' Settings page read
 
 <!-- DisableCellularSettingsPage-End -->
 
+<!-- DisableCrossDeviceResume-Begin -->
+## DisableCrossDeviceResume
+
+<!-- DisableCrossDeviceResume-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- DisableCrossDeviceResume-Applicability-End -->
+
+<!-- DisableCrossDeviceResume-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/Connectivity/DisableCrossDeviceResume
+```
+<!-- DisableCrossDeviceResume-OmaUri-End -->
+
+<!-- DisableCrossDeviceResume-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy allows IT admins to turn off CrossDeviceResume feature to continue tasks, such as browsing file, continue using 1P/3P apps that require linking between Phone and PC.
+
+- If you enable this policy setting, the Windows device won't receive any CrossDeviceResume notification.
+
+- If you disable this policy setting, the Windows device will receive notification to resume activity from linked phone.
+
+- If you don't configure this policy setting, the default behavior is that the CrossDeviceResume feature is turned 'ON'. Changes to this policy take effect on reboot.
+<!-- DisableCrossDeviceResume-Description-End -->
+
+<!-- DisableCrossDeviceResume-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableCrossDeviceResume-Editable-End -->
+
+<!-- DisableCrossDeviceResume-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- DisableCrossDeviceResume-DFProperties-End -->
+
+<!-- DisableCrossDeviceResume-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | CrossDeviceResume is Enabled. |
+| 1 | CrossDeviceResume is Disabled. |
+<!-- DisableCrossDeviceResume-AllowedValues-End -->
+
+<!-- DisableCrossDeviceResume-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableCrossDeviceResume-Examples-End -->
+
+<!-- DisableCrossDeviceResume-End -->
+
 <!-- DisableDownloadingOfPrintDriversOverHTTP-Begin -->
 ## DisableDownloadingOfPrintDriversOverHTTP