diff --git a/docs/solutions/configuration-profiles/BlockMDMUnenrollment.xml b/docs/solutions/Windows/configuration-profiles/Disallow manual MDM unenrollment - [AllowManualMDMUnenrollment].xml
similarity index 96%
rename from docs/solutions/configuration-profiles/BlockMDMUnenrollment.xml
rename to docs/solutions/Windows/configuration-profiles/Disallow manual MDM unenrollment - [AllowManualMDMUnenrollment].xml
index acd5994f64..0c4374576b 100644
--- a/docs/solutions/configuration-profiles/BlockMDMUnenrollment.xml
+++ b/docs/solutions/Windows/configuration-profiles/Disallow manual MDM unenrollment - [AllowManualMDMUnenrollment].xml
@@ -10,4 +10,4 @@
0
-
\ No newline at end of file
+
diff --git a/docs/solutions/Windows/configuration-profiles/account lock out - [AccountLockoutPolicy].xml b/docs/solutions/Windows/configuration-profiles/account lock out - [AccountLockoutPolicy].xml
new file mode 100644
index 0000000000..f103bde8a7
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/account lock out - [AccountLockoutPolicy].xml
@@ -0,0 +1,11 @@
+
+ -
+
+ chr
+
+
+ ./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy
+
+ AccountLockoutDuration:30, AccountLockoutThreshold:10, ResetAccountLockoutCounterAfter:3
+
+
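Review bot: The value `AccountLockoutDuration:30, AccountLockoutThreshold:10, ResetAccountLockoutCounterAfter:3` has no visible rationale, and the 3-minute counter reset is short next to the 30-minute lockout. With that window, failed sign-ins spaced a few minutes apart never accumulate to the threshold of 10, so the lockout mostly catches rapid bursts. If that trade-off is deliberate, a short comment above the data value saying so would help; otherwise consider a reset window closer to the lockout duration. The element markup is not visible in this view, so an existing comment may simply not be shown.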
diff --git a/docs/solutions/windows/configuration-profiles/allow-spotlight-collections.xml b/docs/solutions/Windows/configuration-profiles/allow Windows Spotlight collections - [AllowSpotlightCollection].xml
similarity index 100%
rename from docs/solutions/windows/configuration-profiles/allow-spotlight-collections.xml
rename to docs/solutions/Windows/configuration-profiles/allow Windows Spotlight collections - [AllowSpotlightCollection].xml
diff --git a/docs/solutions/Windows/configuration-profiles/disable built-in Administrator account – [Accounts_EnableAdministratorAccountStatus].xml b/docs/solutions/Windows/configuration-profiles/disable built-in Administrator account – [Accounts_EnableAdministratorAccountStatus].xml
new file mode 100644
index 0000000000..70563197ba
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/disable built-in Administrator account – [Accounts_EnableAdministratorAccountStatus].xml
@@ -0,0 +1,12 @@
+
+ 1
+ -
+
+ ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
+
+
+ int
+
+ 0
+
+
diff --git a/docs/solutions/windows/configuration-profiles/windows-device-privacy-speechrecognition-disabled.xml b/docs/solutions/Windows/configuration-profiles/disable online speech recognition and personalization - [AllowInputPersonalization].xml
similarity index 99%
rename from docs/solutions/windows/configuration-profiles/windows-device-privacy-speechrecognition-disabled.xml
rename to docs/solutions/Windows/configuration-profiles/disable online speech recognition and personalization - [AllowInputPersonalization].xml
index 86afe426ed..f68b4a8853 100644
--- a/docs/solutions/windows/configuration-profiles/windows-device-privacy-speechrecognition-disabled.xml
+++ b/docs/solutions/Windows/configuration-profiles/disable online speech recognition and personalization - [AllowInputPersonalization].xml
@@ -9,4 +9,3 @@
0
-
diff --git a/docs/solutions/windows/configuration-profiles/windows-device-remoteassistance-disabled.xml b/docs/solutions/Windows/configuration-profiles/disable remote assistance - [AllowRemoteAssistance].xml
similarity index 100%
rename from docs/solutions/windows/configuration-profiles/windows-device-remoteassistance-disabled.xml
rename to docs/solutions/Windows/configuration-profiles/disable remote assistance - [AllowRemoteAssistance].xml
diff --git a/docs/solutions/windows/configuration-profiles/windows-device-systemservices-simptcp-disabled.xml b/docs/solutions/Windows/configuration-profiles/disable simple TCPIP services – [SimpleTcp].xml
similarity index 100%
rename from docs/solutions/windows/configuration-profiles/windows-device-systemservices-simptcp-disabled.xml
rename to docs/solutions/Windows/configuration-profiles/disable simple TCPIP services – [SimpleTcp].xml
diff --git a/docs/solutions/Windows/configuration-profiles/enable Microsoft Defender SmartScreen - [EnableSmartScreen].xml b/docs/solutions/Windows/configuration-profiles/enable Microsoft Defender SmartScreen - [EnableSmartScreen].xml
new file mode 100644
index 0000000000..018190b1a7
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/enable Microsoft Defender SmartScreen - [EnableSmartScreen].xml
@@ -0,0 +1,12 @@
+
+
+ -
+
+ int
+
+
+ ./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled
+
+ 1
+
+
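Review bot: The bracketed name in the new file name, `[EnableSmartScreen]`, does not match the node the profile sets, `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled`. The other profiles in this commit put the policy node name in the brackets, so `[ServiceEnabled]` would be consistent and would stop a reader assuming this profile turns on SmartScreen as a whole. As far as I know the WebThreatDefense area covers the enhanced phishing protection service rather than the SmartScreen shell or browser checks. A one-line comment in the file stating what the value `1` enables would remove the ambiguity.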
diff --git a/docs/solutions/windows/configuration-profiles/block-user-from-showing-account-details-on-sign-in.xml b/docs/solutions/Windows/configuration-profiles/hide account details on sign in - [BlockUserFromShowingAccountDetailsOnSignin].xml
similarity index 91%
rename from docs/solutions/windows/configuration-profiles/block-user-from-showing-account-details-on-sign-in.xml
rename to docs/solutions/Windows/configuration-profiles/hide account details on sign in - [BlockUserFromShowingAccountDetailsOnSignin].xml
index d5ec2c610f..ee0aa85714 100644
--- a/docs/solutions/windows/configuration-profiles/block-user-from-showing-account-details-on-sign-in.xml
+++ b/docs/solutions/Windows/configuration-profiles/hide account details on sign in - [BlockUserFromShowingAccountDetailsOnSignin].xml
@@ -9,7 +9,7 @@
./Device/Vendor/MSFT/Policy/Config/ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin
- ]]>
+ ]]>
diff --git a/docs/solutions/Windows/configuration-profiles/install Okta attestation certificate - [Bundle].xml b/docs/solutions/Windows/configuration-profiles/install Okta attestation certificate - [Bundle].xml
new file mode 100644
index 0000000000..eadc58d7df
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/install Okta attestation certificate - [Bundle].xml
@@ -0,0 +1,103 @@
+
+
+ 1
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify
+
+
+ node
+
+
+
+
+
+ 2
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/ServerURL
+
+
+ chr
+
+ yourUrlHere
+
+
+
+
+ 3
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/Challenge
+
+
+ chr
+
+ yourChallengeHere
+
+
+
+
+ 4
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/SubjectName
+
+
+ chr
+
+ $FLEET_VAR_HOST_UUID
+
+
+
+
+ 5
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyLength
+
+
+ int
+
+ 2048
+
+
+
+
+ 6
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/HashAlgorithm
+
+
+ chr
+
+ SHA256
+
+
+
+
+ 7
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyUsage
+
+
+ int
+
+ 160
+
+
+
+
+ 8
+ -
+
+ ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/EKUMapping
+
+
+ chr
+
+ 1.3.6.1.5.5.7.3.2
+
+
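Review bot: The SCEP install sets `KeyLength`, `HashAlgorithm`, `KeyUsage` and `EKUMapping`, but no `Install/KeyProtection` node is visible, so where the private key is stored is left to the platform default. This certificate attests device identity (`SubjectName` is `$FLEET_VAR_HOST_UUID`), so the profile should state explicitly whether the key must be TPM-backed. Consider adding an item for `./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyProtection` with the intended value. Separately, `yourChallengeHere` stands in for a shared enrollment secret. A comment next to it should tell users to supply it through a secret variable rather than committing the real value to a GitOps repository.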
diff --git a/docs/solutions/Windows/configuration-profiles/require admin consent before UAC elevation - [ConsentPromptBehaviorAdmin].xml b/docs/solutions/Windows/configuration-profiles/require admin consent before UAC elevation - [ConsentPromptBehaviorAdmin].xml
new file mode 100644
index 0000000000..48b576915e
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/require admin consent before UAC elevation - [ConsentPromptBehaviorAdmin].xml
@@ -0,0 +1,12 @@
+
+
+ -
+
+ int
+
+
+ ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
+
+ 1
+
+
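Review bot: The file name and the policy node disagree. The name says "require admin consent before UAC elevation - [ConsentPromptBehaviorAdmin]", but the LocURI is `.../LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation`, which is the installer-detection setting. The administrator consent prompt is controlled by `UserAccountControl_BehaviorOfTheElevationPromptForAdministrators`. Someone applying this profile for the control in its title would get a different setting, and the admin prompt behaviour would stay unmanaged. Either rename the file to match the node, for example `detect application installations and prompt for elevation - [UserAccountControl_DetectApplicationInstallationsAndPromptForElevation].xml`, or change the LocURI and value to the consent-prompt policy.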
diff --git a/docs/solutions/windows/configuration-profiles/windows-device-networkaccess-everyonepermissions.xml b/docs/solutions/Windows/configuration-profiles/restrict Everyone permissions in network access - [NetworkAccess_RestrictAnonymousAccess].xml
similarity index 99%
rename from docs/solutions/windows/configuration-profiles/windows-device-networkaccess-everyonepermissions.xml
rename to docs/solutions/Windows/configuration-profiles/restrict Everyone permissions in network access - [NetworkAccess_RestrictAnonymousAccess].xml
index 83aa820dc1..f53b77dc9a 100644
--- a/docs/solutions/windows/configuration-profiles/windows-device-networkaccess-everyonepermissions.xml
+++ b/docs/solutions/Windows/configuration-profiles/restrict Everyone permissions in network access - [NetworkAccess_RestrictAnonymousAccess].xml
@@ -10,4 +10,3 @@
0
-
diff --git a/docs/solutions/Windows/configuration-profiles/set maximum device lock timeout (10 min max) - [MaxInactivityTimeDeviceLock].xml b/docs/solutions/Windows/configuration-profiles/set maximum device lock timeout (10 min max) - [MaxInactivityTimeDeviceLock].xml
new file mode 100644
index 0000000000..bb8bb078ba
--- /dev/null
+++ b/docs/solutions/Windows/configuration-profiles/set maximum device lock timeout (10 min max) - [MaxInactivityTimeDeviceLock].xml
@@ -0,0 +1,11 @@
+
+ -
+
+ int
+
+
+ ./Device/Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock
+
+ 10
+
+
diff --git a/docs/solutions/policies/windows-fleet-hardening.policies.yml b/docs/solutions/Windows/policies/windows-fleet-hardening.policies.yml
similarity index 100%
rename from docs/solutions/policies/windows-fleet-hardening.policies.yml
rename to docs/solutions/Windows/policies/windows-fleet-hardening.policies.yml
diff --git a/docs/solutions/windows/scripts/disable-insider-ui-page.ps1 b/docs/solutions/Windows/scripts/disable-insider-ui-page.ps1
similarity index 100%
rename from docs/solutions/windows/scripts/disable-insider-ui-page.ps1
rename to docs/solutions/Windows/scripts/disable-insider-ui-page.ps1
diff --git a/docs/solutions/Windows/scripts/disallow local Fleet osquery modification.ps1 b/docs/solutions/Windows/scripts/disallow local Fleet osquery modification.ps1
new file mode 100644
index 0000000000..27cc5045c3
--- /dev/null
+++ b/docs/solutions/Windows/scripts/disallow local Fleet osquery modification.ps1
@@ -0,0 +1,28 @@
+# Prevents uninstall/change of Fleet osquery via Windows UI.
+# Sets NoRemove and NoModify = 1 under Fleet osquery uninstall entry.
+# Hides uninstall/change options across Control Panel and Settings > Apps.
+# Works on all Windows editions.
+
+$UninstallPaths = @(
+ "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
+ "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
+)
+
+$FleetEntry = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
+Where-Object { $_.DisplayName -like "Fleet osquery*" }
+
+if ($FleetEntry) {
+ Write-Output "[INFO] Fleet osquery found: $($FleetEntry.DisplayName)"
+ $RegKeyPath = $FleetEntry.PSPath
+
+ New-ItemProperty -Path $RegKeyPath -Name "NoRemove" -Value 1 -PropertyType DWord -Force | Out-Null
+ Write-Output "[SET] NoRemove = 1"
+
+ New-ItemProperty -Path $RegKeyPath -Name "NoModify" -Value 1 -PropertyType DWord -Force | Out-Null
+ Write-Output "[SET] NoModify = 1"
+
+ Write-Output "[DONE] Fleet osquery uninstall options hardened."
+}
+else {
+ Write-Output "[WARN] Fleet osquery not found. Nothing changed."
+}
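Review bot: The `[SET] NoRemove = 1`, `[SET] NoModify = 1` and `[DONE]` lines are printed whether or not the registry writes succeeded. `New-ItemProperty` errors are non-terminating by default, so a run without sufficient rights, or against a protected key, still reports the entry as hardened and exits 0. Add `$ErrorActionPreference = "Stop"` before the `if ($FleetEntry)` block, or `-ErrorAction Stop` on both `New-ItemProperty` calls, so a failed write ends the script with an error instead of a success message. The lookup's explicit `-ErrorAction SilentlyContinue` still takes precedence, so that call keeps its current behaviour. It would also help to extend the header comment to say that these values only hide the Control Panel and Settings options, so command-line removal is not blocked and should be covered by a separate policy check.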
diff --git a/docs/solutions/windows/scripts/Set_ScreenSaverGracePeriod.ps1 b/docs/solutions/Windows/scripts/set screen saver grace period – [ScreenSaverGracePeriod].ps1
similarity index 100%
rename from docs/solutions/windows/scripts/Set_ScreenSaverGracePeriod.ps1
rename to docs/solutions/Windows/scripts/set screen saver grace period – [ScreenSaverGracePeriod].ps1
diff --git a/docs/solutions/account-lock-out.xml b/docs/solutions/account-lock-out.xml
deleted file mode 100644
index 20c7e6ecba..0000000000
--- a/docs/solutions/account-lock-out.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-
- -
-
- chr
-
-
- ./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy
-
- AccountLockoutDuration:30, AccountLockoutThreshold:10, ResetAccountLockoutCounterAfter:3
-
-
diff --git a/docs/solutions/configuration-profiles/crowdstrike-full-disk-access.mobileconfig b/docs/solutions/macOS/configuration-profiles/crowdstrike-full-disk-access.mobileconfig
similarity index 100%
rename from docs/solutions/configuration-profiles/crowdstrike-full-disk-access.mobileconfig
rename to docs/solutions/macOS/configuration-profiles/crowdstrike-full-disk-access.mobileconfig
diff --git a/docs/solutions/configuration-profiles/crowdstrike-notification.mobileconfig b/docs/solutions/macOS/configuration-profiles/crowdstrike-notification.mobileconfig
similarity index 100%
rename from docs/solutions/configuration-profiles/crowdstrike-notification.mobileconfig
rename to docs/solutions/macOS/configuration-profiles/crowdstrike-notification.mobileconfig
diff --git a/docs/solutions/configuration-profiles/crowdstrike-service-management.mobileconfig b/docs/solutions/macOS/configuration-profiles/crowdstrike-service-management.mobileconfig
similarity index 100%
rename from docs/solutions/configuration-profiles/crowdstrike-service-management.mobileconfig
rename to docs/solutions/macOS/configuration-profiles/crowdstrike-service-management.mobileconfig
diff --git a/docs/solutions/configuration-profiles/crowdstrike-system-extension.mobileconfig b/docs/solutions/macOS/configuration-profiles/crowdstrike-system-extension.mobileconfig
similarity index 100%
rename from docs/solutions/configuration-profiles/crowdstrike-system-extension.mobileconfig
rename to docs/solutions/macOS/configuration-profiles/crowdstrike-system-extension.mobileconfig
diff --git a/docs/solutions/configuration-profiles/crowdstrike-web-filter.mobileconfig b/docs/solutions/macOS/configuration-profiles/crowdstrike-web-filter.mobileconfig
similarity index 100%
rename from docs/solutions/configuration-profiles/crowdstrike-web-filter.mobileconfig
rename to docs/solutions/macOS/configuration-profiles/crowdstrike-web-filter.mobileconfig
diff --git a/docs/solutions/scripts/windows-fleet-hardening.ps1 b/docs/solutions/scripts/windows-fleet-hardening.ps1
deleted file mode 100644
index 0b3ce09f02..0000000000
--- a/docs/solutions/scripts/windows-fleet-hardening.ps1
+++ /dev/null
@@ -1,27 +0,0 @@
-# Prevents uninstall/change of Fleet osquery via Windows UI.
-# Sets NoRemove and NoModify = 1 under Fleet osquery uninstall entry.
-# Hides uninstall/change options across Control Panel and Settings > Apps.
-# Works on all Windows editions.
-
-$UninstallPaths = @(
- "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
- "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
-)
-
-$FleetEntry = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
- Where-Object { $_.DisplayName -like "Fleet osquery*" }
-
-if ($FleetEntry) {
- Write-Output "[INFO] Fleet osquery found: $($FleetEntry.DisplayName)"
- $RegKeyPath = $FleetEntry.PSPath
-
- New-ItemProperty -Path $RegKeyPath -Name "NoRemove" -Value 1 -PropertyType DWord -Force | Out-Null
- Write-Output "[SET] NoRemove = 1"
-
- New-ItemProperty -Path $RegKeyPath -Name "NoModify" -Value 1 -PropertyType DWord -Force | Out-Null
- Write-Output "[SET] NoModify = 1"
-
- Write-Output "[DONE] Fleet osquery uninstall options hardened."
-} else {
- Write-Output "[WARN] Fleet osquery not found. Nothing changed."
-}
diff --git a/docs/solutions/windows/configuration-profiles/defender-smartscreen-service-enabled.xml b/docs/solutions/windows/configuration-profiles/defender-smartscreen-service-enabled.xml
deleted file mode 100644
index a21d5f1044..0000000000
--- a/docs/solutions/windows/configuration-profiles/defender-smartscreen-service-enabled.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- -
-
- int
-
-
- ./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled
-
- 1
-
-
diff --git a/docs/solutions/windows/configuration-profiles/okta-attestation-cert.xml b/docs/solutions/windows/configuration-profiles/okta-attestation-cert.xml
deleted file mode 100644
index d7e74dd7d2..0000000000
--- a/docs/solutions/windows/configuration-profiles/okta-attestation-cert.xml
+++ /dev/null
@@ -1,103 +0,0 @@
-
-
- 1
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify
-
-
- node
-
-
-
-
-
- 2
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/ServerURL
-
-
- chr
-
- yourUrlHere
-
-
-
-
- 3
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/Challenge
-
-
- chr
-
- yourChallengeHere
-
-
-
-
- 4
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/SubjectName
-
-
- chr
-
- $FLEET_VAR_HOST_UUID
-
-
-
-
- 5
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyLength
-
-
- int
-
- 2048
-
-
-
-
- 6
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/HashAlgorithm
-
-
- chr
-
- SHA256
-
-
-
-
- 7
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/KeyUsage
-
-
- int
-
- 160
-
-
-
-
- 8
- -
-
- ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/OktaVerify/Install/EKUMapping
-
-
- chr
-
- 1.3.6.1.5.5.7.3.2
-
-
diff --git a/docs/solutions/windows/configuration-profiles/uac-prompt-for-elevation.xml b/docs/solutions/windows/configuration-profiles/uac-prompt-for-elevation.xml
deleted file mode 100644
index 0549f3ba92..0000000000
--- a/docs/solutions/windows/configuration-profiles/uac-prompt-for-elevation.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- -
-
- int
-
-
- ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
-
- 1
-
-
diff --git a/docs/solutions/windows/configuration-profiles/windows-localpoliciessecurityoptions-disable-adminaccountstatus.xml b/docs/solutions/windows/configuration-profiles/windows-localpoliciessecurityoptions-disable-adminaccountstatus.xml
deleted file mode 100644
index bc91f81d6d..0000000000
--- a/docs/solutions/windows/configuration-profiles/windows-localpoliciessecurityoptions-disable-adminaccountstatus.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
- 1
- -
-
- ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
-
-
- int
-
- 0
-
-