diff --git a/1.ps1 b/1.ps1 new file mode 100644 index 0000000000..61aa825eeb --- /dev/null +++ b/1.ps1 @@ -0,0 +1,3 @@ +git add . +git commit -m "changes" +git push -u origin vso-10788146 \ No newline at end of file diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 680e73b52a..b22ded8a4f 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -5,113 +5,1028 @@ author: eross-msft ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library -title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros) +title: Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge (Microsoft Edge for IT Pros) localizationpriority: high --- -# Available policies for Microsoft Edge +# Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge **Applies to:** -- Windows 10 -- Windows 10 Mobile +- Windows 10, Windows Insider Program +- Windows 10 Mobile, Windows Insider Program + +> [!IMPORTANT] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. -> **Note**
-> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924). +> [!NOTE] +> For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). 
## Group Policy settings Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: -| Policy name |Supported versions |Description |Options | -|-------------|------------|-------------|--------| -|Allow Developer Tools |Windows 10, Version 1511 or later |This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.

If you enable or don’t configure this setting, the F12 Developer Tools are available in Microsoft Edge.

If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge. |**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.

**Disabled:** Hides the F12 Developer Tools on Microsoft Edge. | -|Allow InPrivate browsing |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can browse using InPrivate website browsing.

If you enable or don’t configure this setting, employees can use InPrivate website browsing.

If you disable this setting, employees can’t use InPrivate website browsing. |**Enabled or not configured (default):** Lets employees use InPrivate website browsing.

**Disabled:** Stops employees from using InPrivate website browsing. | -|Allow web content on New Tab page |Windows 10 or later |This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.

If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.

If you disable this setting, Microsoft Edge opens a new tab with a blank page.

If you don’t configure this setting, employees can choose how new tabs appears. |**Not configured (default):** Employees see web content on New Tab page, but can change it.

**Enabled:** Employees see web content on New Tab page.

**Disabled:** Employees always see an empty new tab. | -|Configure Autofill |Windows 10 or later |This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.

If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.

If you disable this setting, employees can’t use Autofill to automatically fill in forms while using Microsoft Edge.

If you don’t configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. |**Not configured (default):** Employees can choose to turn Autofill on or off.

**Enabled:** Employees can use Autofill to complete form fields.

**Disabled:** Employees can’t use Autofill to complete form fields. | -|Configure cookies |Windows 10 or later|This setting lets you configure how to work with cookies.

If you enable this setting, you must also decide whether to:

If you disable or don't configure this setting, all cookies are allowed from all sites. |**Enabled:** Lets you decide how your company treats cookies.
If you use this option, you must also choose whether to:

**Disabled or not configured:** All cookies are allowed from all sites.| -|Configure Do Not Track |Windows 10 or later |This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren’t sent, but employees can choose to turn on and send requests.

If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.

If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.

If you don’t configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info. |**Not configured (default):** Employees can choose to send Do Not Track headers on or off.

**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.

**Disabled:** Employees can’t send Do Not Track requests to websites requesting tracking info. | -|Allow Extensions |Windows 10, Version 1607 or later |This policy setting lets you decide whether employees can use Edge Extensions.

If you enable or don’t configure this setting, employees can use Edge Extensions.

If you disable this setting, employees can’t use Edge Extensions. |**Enabled or not configured:** Lets employees use Edge Extensions.

**Disabled:** Stops employees from using Edge Extensions. | -|Configure Favorites |Windows 10, Version 1511 or later |This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.

If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.

If you disable or don’t configure this setting, employees will see the Favorites that they set in the Favorites hub. |**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.

**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub. | -|Configure Home pages |Windows 10, Version 1511 or later |This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to change this after you set it.

If you enable this setting, you can configure one or more Home pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format:
``

If you disable or don’t configure this setting, your default Home page is the webpage specified in App settings. |**Enabled:** Configure your Home pages. If you use this option, you must also include site URLs.

**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings. | -|Configure Password Manager |Windows 10 or later |This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.

If you enable this setting, employees can use Password Manager to save their passwords locally.

If you disable this setting, employees can’t use Password Manager to save their passwords locally.

If you don’t configure this setting, employees can choose whether to use Password Manager to save their passwords locally. |**Not configured:** Employees can choose whether to use Password Manager.

**Enabled (default):** Employees can use Password Manager to save passwords locally.

**Disabled:** Employees can't use Password Manager to save passwords locally. | -|Configure Pop-up Blocker |Windows 10 or later |This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.

If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.

If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.

If you don’t configure this setting, employees can choose whether to use Pop-up Blocker. |**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.

**Disabled:** Turns off Pop-up Blocker, allowing pop-up windows. | -|Configure search suggestions in Address bar |Windows 10 or later |This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.

If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.

If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.

If you don’t configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. |**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.

**Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge.

**Disabled:** Employees can’t see search suggestions in the Address bar of Microsoft Edge. | -|Configure SmartScreen Filter |Windows 10 or later |This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, SmartScreen Filter is turned on.

If you enable this setting, SmartScreen Filter is turned on and employees can’t turn it off.

If you disable this setting, SmartScreen Filter is turned off and employees can’t turn it on.

If you don’t configure this setting, employees can choose whether to use SmartScreen Filter. |**Not configured (default):** Employees can choose whether to use SmartScreen Filter.

**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.

**Disabled:** Turns off SmartScreen Filter. | -|Configure the Enterprise Mode Site List |Windows 10 or later| This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.

If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.

If you disable or don’t configure this setting, Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps.

**Note**
If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.|**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if it’s configured.

If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11.

**Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List.| -|Prevent access to the about:flags page |Windows 10, Version 1607 or later|This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.

If you enable this policy setting, employees can’t access the about:flags page.

If you disable or don’t configure this setting, employees can access the about:flags page. |**Enabled:** Stops employees from using the about:flags page.

**Disabled or not configured (default):** Lets employees use the about:flags page. | -|Prevent bypassing SmartScreen prompts for files |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files.

If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from downloading the unverified files.

If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue the download process. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about unverified files.

**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process. | -|Prevent bypassing SmartScreen prompts for sites |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites.

If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from continuing to the site.

If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue to the site. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about potentially malicious sites.

**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site. | -|Prevent using Localhost IP address for WebRTC |Windows 10, Version 1511 or later |This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.

If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.

If you disable or don’t configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol. |**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol.

**Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol. | -|Send all intranet sites to Internet Explorer 11 |Windows 10 or later |This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.

If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.

If you disable or don’t configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge. |**Enabled:** Automatically opens all intranet sites using Internet Explorer 11.

**Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge. | -|Show message when opening sites in Internet Explorer |Windows 10, Version 1607 and later |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

**Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. | +### Allow Address bar drop-down list suggestions +- **Supported versions:** Windows 10, Windows Insider Program -## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge +- **Description:** This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. + + - If you enable or don't configure this setting (default), employees can see the Address bar drop-down functionality in Microsoft Edge. + + - If you disable this setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type". + + > [!Note] + > Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. + +### Allow Adobe Flash +- **Supported versions:** Windows 10 or later + +- **Description:** This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. + + - If you enable or don't configure this setting (default), employees can use Adobe Flash. + + - If you disable this setting, employees can't use Adobe Flash. + +### Allow clearing browsing data on exit +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. + + - If you enable this policy setting, clearing browsing history on exit is turned on. 
+ + - If you disable or don't configure this policy setting (default), it can be turned on and configured by the employee in the Clear browsing data options area, under Settings. + +### Allow Developer Tools +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. + - If you enable or don’t configure this setting (default), the F12 Developer Tools are available in Microsoft Edge. + + - If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge. + +### Allow Extensions +- **Supported versions:** Windows 10, Version 1607 or later + +- **Description:** This policy setting lets you decide whether employees can use Edge Extensions. + + - If you enable or don’t configure this setting, employees can use Edge Extensions. + + - If you disable this setting, employees can’t use Edge Extensions. + +### Allow InPrivate browsing +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you decide whether employees can browse using InPrivate website browsing. + + - If you enable or don’t configure this setting (default), employees can use InPrivate website browsing. + + - If you disable this setting, employees can’t use InPrivate website browsing. + +### Allow Microsoft Compatibility List +- **Supported versions:** Windows 10, Version 1607 or later + +- **Description:** This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. + + - If you enable or don’t configure this setting (default), Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation. 
Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it’s in whatever version of IE is necessary for it to appear properly. + + - If you disable this setting, the Microsoft Compatibility List isn’t used during browser navigation. + +### Allow search engine customization +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you decide whether users can change their search engine. + + >[!Important] + >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + + - If you enable or don't configure this policy (default), users can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. + + - If you disable this setting, users can't add search engines or change the default used in the address bar. + +### Allow web content on New Tab page +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it. + + - If you enable this setting, Microsoft Edge opens a new tab with the New Tab page. + + - If you disable this setting, Microsoft Edge opens a new tab with a blank page. + + - If you don’t configure this setting (default), employees can choose how new tabs appears. + +### Configure additional search engines +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made a personal default engine. This setting doesn't set the default search engine. For that, you must use the "Set default search engine" setting. 
+ + > [!Important] + > This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + + - If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format: + + https://www.contoso.com/opensearch.xml + + For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. + + - If you disable this setting (default), any added search engines are removed from your employee's devices. + + - If you don't configure this setting, the search engine list is set to what is specified in App settings. + +### Configure Autofill +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill. + + - If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge. + + - If you disable this setting, employees can’t use Autofill to automatically fill in forms while using Microsoft Edge. + + - If you don’t configure this setting (default), employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. + +### Configure cookies +- **Supported versions:** Windows 10 or later + +- **Description:** This setting lets you configure how to work with cookies. + + - If you enable this setting, you must also decide whether to: + - **Allow all cookies (default):** Allows all cookies from all websites. + + - **Block all cookies:** Blocks all cookies from all websites. + + - **Block only 3rd-party cookies:** Blocks only cookies from 3rd-party websites. 
+ + - If you disable or don't configure this setting, all cookies are allowed from all sites. + +### Configure Do Not Track +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren’t sent, but employees can choose to turn on and send requests. + + - If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info. + + - If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. + + - If you don’t configure this setting (default), employees can choose whether to send Do Not Track requests to websites asking for tracking info. + +### Configure Favorites +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. + + - If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. + + - If you disable or don’t configure this setting, employees will see the Favorites that they set in the Favorites hub. + +### Configure Password Manager +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on. + + - If you enable this setting (default), employees can use Password Manager to save their passwords locally. + + - If you disable this setting, employees can’t use Password Manager to save their passwords locally. 
+ + - If you don’t configure this setting, employees can choose whether to use Password Manager to save their passwords locally. + +### Configure Pop-up Blocker +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on. + + - If you enable this setting (default), Pop-up Blocker is turned on, stopping pop-up windows from appearing. + + - If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear. + + - If you don’t configure this setting, employees can choose whether to use Pop-up Blocker. + +### Configure search suggestions in Address bar +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. + + - If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge. + + - If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. + + - If you don’t configure this setting (default), employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. + +### Configure Start pages +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees won't be able to change this after you set it. + + - If you enable this setting, you can configure one or more Start pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format: + + + + - If you disable or don’t configure this setting (default), your default Start page is the webpage specified in App settings. 
+ +### Configure the Adobe Flash Click-to-Run setting +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you decide whether employees must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. + + >[!Important] + >Sites are put on the auto-allowed list based on how frequently employees load and run the content. + + - If you enable or don’t configure the Adobe Flash Click-to-Run setting, an employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. + + - If you disable this setting, Adobe Flash content is automatically loaded and run by Microsoft Edge. + +### Configure the Enterprise Mode Site List +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. + + - If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. If you use this option, you must also add the location to your site list in the **{URI}** box. When configured, any site on the list will always open in Internet Explorer 11. + + - If you disable or don’t configure this setting (default), Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. + + >[!Note] + >If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. 
If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

+ >If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. + +### Configure Windows Defender SmartScreen +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. + + - If you enable this setting, Windows Defender SmartScreen is turned on and employees can’t turn it off. + + - If you disable this setting, Windows Defender SmartScreen is turned off and employees can’t turn it on. + + - If you don’t configure this setting (default), employees can choose whether to use Windows Defender SmartScreen. + +### Disable lockdown of Start pages +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you disable the lock down of Start pages, letting employees modify the Start pages when the "Configure Start pages" setting is in effect. + + >[!Important] + >This setting only applies when you're using the “Configure Start pages" setting and can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). + + - If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means that employees can modify them. + + - If you disable or don't configure this setting (default), employees can't change any Start pages configured using the "Configure Start pages" setting, thereby locking down the Start pages. 
+ +### Keep favorites in sync between Internet Explorer and Microsoft Edge +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge. + + - If you enable this setting, employees can sync their favorites between Internet Explorer and Microsoft Edge. + + - If you disable or don't configure this setting (default), employees can’t sync their favorites between Internet Explorer and Microsoft Edge. + +### Prevent access to the about:flags page +- **Supported versions:** Windows 10, Version 1607 or later + +- **Description:** This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features. + + - If you enable this policy setting, employees can’t access the about:flags page. + + - If you disable or don’t configure this setting (default), employees can access the about:flags page. + +### Prevent bypassing Windows Defender SmartScreen prompts for files +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. + + - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from downloading the unverified files. + + - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue the download process. + +### Prevent bypassing Windows Defender SmartScreen prompts for sites +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites. 
+ + - If you enable this setting, employees can’t ignore Windows Defender SmartScreen warnings and they’re blocked from continuing to the site. + + - If you disable or don’t configure this setting (default), employees can ignore Windows Defender SmartScreen warnings and continue to the site. + +### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. + + - If you enable this setting, Microsoft Edge won't gather the Live Tile metadata, providing a minimal experience when a user pins a Live Tile to the Start menu. + + - If you disable or don't configure this setting (default), Microsoft Edge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu. + +### Prevent the First Run webpage from opening on Microsoft Edge +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time. + + - If you enable this setting, employees won't see the First Run page when opening Microsoft Edge for the first time. + + - If you disable or don't configure this setting (default), employees will see the First Run page when opening Microsoft Edge for the first time. + +### Prevent using Localhost IP address for WebRTC +- **Supported versions:** Windows 10, Version 1511 or later + +- **Description:** This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off. 
+ + - If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol. + + - If you disable or don’t configure this setting (default), Localhost IP addresses are shown while making calls using the WebRTC protocol. + +### Send all intranet sites to Internet Explorer 11 +- **Supported versions:** Windows 10 or later + +- **Description:** This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. + + - If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11. + + - If you disable or don’t configure this setting (default), all websites, including intranet sites, are automatically opened using Microsoft Edge. + +### Set default search engine +- **Supported versions:** Windows 10, Windows Insider Program + +- **Description:** This policy setting lets you configure the default search engine for your employees. Employees can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. + + >[!Important] + >This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).

+ >If you'd like your employees to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. + + - If you enable this setting, you can choose a default search engine for your employees. To choose the default engine, you must add a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine, using this format: + + https://fabrikam.com/opensearch.xml + + - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.

If you don't configure this setting, the default search engine is set to the one specified in App settings. + + - If you don't configure this setting (default), the default search engine is set to the one specified in App settings. + +### Show message when opening sites in Internet Explorer +- **Supported versions:** Windows 10, Version 1607 and later + +- **Description:** This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. + + - If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. + + - If you disable or don’t configure this setting (default), the default app behavior occurs and no additional page appears. + +## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page. -> **Note**
-> The **Supports** column uses these options: - -- **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only. - -- **Mobile.** Supports Windows 10 Mobile devices only. - -- **Both.** Supports both desktop and mobile devices. +> [!NOTE] +> **Supported Devices** uses these options: +> - **Desktop.** Supports Windows 10 Pro and Windows 10 Enterprise computers that are enrolled with Intune only. +> - **Mobile.** Supports Windows 10 Mobile devices only. +> - **Both.** Supports both desktop and mobile devices. All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy. -| Policy name |Supported versions |Supported device |Details | -|-------------|-------------------|-----------------|--------| -|AllowAutofill|Windows 10 or later |Desktop |

-|AllowBrowser |Windows 10 or later |Mobile || -|AllowCookies |Windows 10 or later |Both | | -|AllowDeveloperTools |Windows 10, Version 1511 or later |Desktop | | -|AllowDoNotTrack |Windows 10 or later |Both | | -|AllowExtensions |Windows 10, Version 1607 and later |Desktop | | -|AllowInPrivate |Windows 10, Version 1511 or later |Both | | -|AllowPasswordManager |Windows 10 or later |Both | | -|AllowPopups |Windows 10 or later |Desktop | | -|AllowSearchSuggestions
inAddressBar |Windows 10 or later |Both | | -|AllowSmartScreen |Windows 10 or later |Both | | -|EnterpriseModeSiteList |Windows 10 or later |Desktop || -|Favorites |Windows 10, Version 1511 or later |Both | - +

ExcludeApp (optional)

Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
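Review bot: In browsers/edge/available-policies.md, the disable bullet under "Set default search engine" runs on into a stray sentence, "If you don't configure this setting, the default search engine is set to the one specified in App settings.", which the next bullet then repeats with "(default)". Drop the stray copy so the disable bullet describes only the disable case (the engine falls back to the Microsoft Edge engine for the market). Two smaller points in the same hunk: the new heading "Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge" expands MDM as Mobile Data Management where the usual expansion is Mobile Device Management, and the Pop-up Blocker disable bullet reads "letting pop-ups windows appear".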

@@ -492,13 +441,8 @@ After you download the Office 2016 applications through the Office Deployment To

PACKAGEGUID (optional)

By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

-
- Note   -

Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

-
-
-   -
+>**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device. + @@ -531,7 +475,7 @@ After you download the Office 2016 applications through the Office Deployment To

/packager

-

creates the Office 2016 App-V package with Volume Licensing as specified in the customConfig.xml file.

+

creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

\\server\Office2016\Customconfig.xml

@@ -552,8 +496,7 @@ After you download the Office 2016 applications through the Office Deployment To - **WorkingDir** - **Note**   - To troubleshoot any issues, see the log files in the %temp% directory (default). + **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).   @@ -563,7 +506,7 @@ After you download the Office 2016 applications through the Office Deployment To 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. -## Publishing the Office package for App-V 5.0 +## Publishing the Office package for App-V Use the following information to publish an Office package. @@ -629,8 +572,6 @@ To manage your Office App-V packages, use the same operations as you would for a - [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd) -- [Managing Office 2016 licensing upgrades](#bkmk-manage-office-lic-upgrd) - - [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project) ### Enabling Office plug-ins by using connection groups 
@@ -641,16 +582,15 @@ Use the steps in this section to enable Office plug-ins with your Office package 1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. -2. Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. +2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. -3. Create an App-V 5.0 package that includes the desired plug-ins. +3. Create an App-V package that includes the desired plug-ins. 4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. - **Important**   - The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. + >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.   
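Review bot: Steps 1 and 4 of this procedure are the same instruction ("Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet."), and the hunk edits steps 2 and 3 between them without resolving the duplicate. Remove one of the two; keeping step 4 looks like the intended order, since step 5 then adds both packages to the group just created. In the rewritten step 2, "Office 365 ProPlus(non-virtual)" still needs a space before the parenthesis.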
@@ -672,8 +612,7 @@ Use the steps in this section to enable Office plug-ins with your Office package You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. -**Note**   -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. +>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.   **To disable an Office 2016 application** 
@@ -752,36 +691,17 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - **Note**   - Office App-V packages have two Version IDs: - - - An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - - - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package. - + >**Note** Office App-V packages have two Version IDs: +   2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. 3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. 
-### Managing Office 2016 licensing upgrades - -If a new Office 2016 App-V Package has a different license than the Office 2016 App-V Package currently deployed. For instance, the Office 2016 package deployed is a subscription based Office 2016 and the new Office 2016 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: - -**How to upgrade an Office 2016 License** - -1. Unpublish the already deployed Office 2016 Subscription Licensing App-V package. - -2. Remove the unpublished Office 2016 Subscription Licensing App-V package. - -3. Restart the computer. - -4. Add the new Office 2016 App-V Package Volume Licensing. - -5. Publish the added Office 2016 App-V Package with Volume Licensing. - -An Office 2016 App-V Package with your chosen licensing will be successfully deployed. ### Deploying Visio 2016 and Project 2016 with Office @@ -802,7 +722,7 @@ The following table describes the requirements and options for deploying Visio 2

How do I package and publish Visio 2016 and Project 2016 with Office?

You must include Visio 2016 and Project 2016 in the same package with Office.

-

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow [Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md).

+

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic.

How can I deploy Visio 2016 and Project 2016 to specific users?

@@ -848,17 +768,11 @@ The following table describes the requirements and options for deploying Visio 2 ## Additional resources -**Office 2016 App-V 5.0 Packages 5.0 Additional Resources** - -[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) - -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2013 and Office 2010 App-V Packages** - [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) -[Deploying Microsoft Office 2011 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) +[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) + +[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) **Connection Groups** @@ -868,7 +782,7 @@ The following table describes the requirements and options for deploying Visio 2 **Dynamic Configuration** -[About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md) +[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) ## Got a suggestion for App-V? diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md index efb700aace..8b3704c3a9 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md @@ -1,4 +1,4 @@ ---- +--- title: Deploying Microsoft Office 2016 by Using App-V description: Deploying Microsoft Office 2016 by Using App-V author: jamiejdt @@ -47,7 +47,7 @@ Use the following table to get information about supported versions of Office an -

[Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-office-vers-supp-appv)

+

[Supported versions of Microsoft Office](planning-for-using-app-v-with-office.md#bkmk-office-vers-supp-appv)

-

[Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md#bkmk-plan-coexisting)

+

[Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)

Considerations for installing different versions of Office on the same computer

  + ### Packaging, publishing, and deployment requirements Before you deploy Office by using App-V, review the following requirements. @@ -80,10 +81,11 @@ Before you deploy Office by using App-V, review the following requirements.

Packaging

-

You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

-

You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

- + @@ -153,10 +150,7 @@ The following table describes the recommended methods for excluding specific Off Complete the following steps to create an Office 2016 package for App-V 5.1 or later. -**Important**   -In App-V 5.1 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. - -  +>**Important**  In App-V 5.1 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. ### Review prerequisites for using the Office Deployment Tool @@ -182,23 +176,20 @@ The computer on which you are installing the Office Deployment Tool must have:

Supported operating systems

+ +>**Note**  In this topic, the term “Office 2016 App-V package” refers to subscription licensing.   -**Note**   -In this topic, the term “Office 2016 App-V package” refers to subscription licensing and volume licensing. +### Create Office 2016 App-V Packages Using Office Deployment Tool -  - -### Create Office 2013 App-V Packages Using Office Deployment Tool - -You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Volume Licensing or Subscription Licensing. +You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing. Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. @@ -206,11 +197,9 @@ Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: -1. Download the [Office 2-16 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). - - > [!NOTE] - > You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. +1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). +>**Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. Example: \\\\Server\\Office2016 
@@ -242,12 +231,9 @@ The XML file that is included in the Office Deployment Tool specifies the produc ``` - **Note**   - The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. + >**Note**  The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. -   - - The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: + The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: @@ -276,13 +262,14 @@ The XML file that is included in the Office Deployment Tool specifies the produc - - + + @@ -298,21 +285,19 @@ The XML file that is included in the Office Deployment Tool specifies the produc - + - +

Product element

Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications.

Product ID ="O365ProPlusRetail"

+

Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. + + For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297) +

Product ID ="O365ProPlusRetail "

Product ID ="VisioProRetail"

Product ID ="ProjectProRetail"

-

Product ID ="ProPlusVolume"

-

Product ID ="VisioProVolume"

-

Product ID = "ProjectProVolume"

Language element

SourcePath (attribute of Add element)

Specifies the location in which the applications will be saved to.

Sourcepath = "\\Server\Office2016"

Sourcepath = "\\Server\Office2016”

Branch (attribute of Add element)

Optional. Specifies the update branch for the product that you want to download or install.

For more information about update branches, see Overview of update branches for Office 365 ProPlus.

Optional. Specifies the update branch for the product that you want to download or install.

For more information about update branches, see Overview of update branches for Office 365 ProPlus.

Branch = "Business"

-   - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details: +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: ``` syntax \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml @@ -355,41 +340,35 @@ After you download the Office 2016 applications through the Office Deployment To - Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers. -- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. +- Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. +>**Note**  You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. + - - - - - 
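Review bot: The rewritten bullet in @@ -355,41 +340,35 @@ now reads "Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool", a leftover from the removed "for either Subscription Licensing package or Volume Licensing"; suggest "Create an Office App-V package for Subscription Licensing by using the Office Deployment Tool". The unchanged sentence after it still says the table lists values "for the licensing model you're using", which no longer fits once the Volume Licensing column is removed and the added note says volume-licensed packages are not supported.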
@@ -421,9 +400,7 @@ After you download the Office 2016 applications through the Office Deployment To -
Product IDVolume Licensing Subscription Licensing

Office 2016

ProPlusVolume

O365ProPlusRetail

Office 2016 with Visio 2016

ProPlusVolume

-

VisioProVolume

O365ProPlusRetail

VisioProRetail

Office 2016 with Visio 2016 and Project 2016

ProPlusVolume

-

VisioProVolume

-

ProjectProVolume

O365ProPlusRetail

VisioProRetail

ProjectProRetail

ProductID

Specify the type of licensing, as shown in the following examples:

-
    -
  • Subscription Licensing

    +

Specify Subscription licensing, as shown in the following example:

<Configuration>
        <Add SourcePath= "\\server\Office 2016" OfficeClientEdition="32" >
         <Product ID="O365ProPlusRetail">
@@ -455,59 +432,17 @@ After you download the Office 2016 applications through the Office Deployment To
     
-

 

-

-
  • Volume Licensing

    -
    <Configuration>
    -       <Add SourcePath= "\\Server\Office2016" OfficeClientEdition="32" >
    -        <Product ID="ProPlusVolume">
    -          <Language ID="en-us" />
    -        </Product>
    -        <Product ID="VisioProVolume">
    -          <Language ID="en-us" />
    -        </Product>
    -      </Add>  
    -    </Configuration>
    -

    In this example, the following changes were made to create a package with Volume licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to ProPlusVolume.

    Product ID

    for Visio was changed to VisioProVolume.

    -

     

    -

  • - - +

    ExcludeApp (optional)

    -

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access.

    +

    Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

    PACKAGEGUID (optional)

    By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

    An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

    -
    - Note   -

    Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

    -
    -
    -   -
    +>**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device. + @@ -540,7 +475,7 @@ After you download the Office 2016 applications through the Office Deployment To

    /packager

    -

    creates the Office 2016 App-V package with Volume Licensing as specified in the customConfig.xml file.

    +

    creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

    \\server\Office2016\Customconfig.xml

    @@ -553,14 +488,15 @@ After you download the Office 2016 applications through the Office Deployment To - After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: +   - - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. + After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - - **WorkingDir** + - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. - **Note**   - To troubleshoot any issues, see the log files in the %temp% directory (default). + - **WorkingDir** + + **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).   @@ -570,7 +506,7 @@ After you download the Office 2016 applications through the Office Deployment To 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. -## Publishing the Office package for App-V 5.1 +## Publishing the Office package for App-V Use the following information to publish an Office package. @@ -636,8 +572,6 @@ To manage your Office App-V packages, use the same operations as you would for a - [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd) -- [Managing Office 2016 licensing upgrades](#bkmk-manage-office-lic-upgrd) - - [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project) ### Enabling Office plug-ins by using connection groups 
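Review bot: In the `@@ -553,14 +488,15 @@` hunk, the re-indented line still reads "the following folders appear up in the directory". Since the line is being touched anyway, drop "up". The troubleshooting note is added as plain `**Note**`, while the other notes in this patch use the `>**Note**` blockquote form. Pick one form for the file.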
@@ -648,16 +582,15 @@ Use the steps in this section to enable Office plug-ins with your Office package 1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. -2. Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. +2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. -3. Create an App-V 5.1 package that includes the desired plug-ins. +3. Create an App-V package that includes the desired plug-ins. 4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. - **Important**   - The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. + >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.   
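Review bot: Steps 1 and 4 of this procedure both say "Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet", and the edit to steps 2 and 3 leaves that duplicate in place. Remove one of them or say how step 4 differs. In the changed step 2, "Office 365 ProPlus(non-virtual)" is missing a space before the parenthesis.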
@@ -677,11 +610,9 @@ Use the steps in this section to enable Office plug-ins with your Office package ### Disabling Office 2016 applications -You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. - -**Note**   -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. +You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. +>**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.   **To disable an Office 2016 application** 
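Review bot: The changed paragraph corrects "Office 2013" to "Office 2016" but still carries "leave all other Office application main available", which should read something like "leave all other Office applications available". Fix it in the same line while it is being rewritten.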
@@ -734,11 +665,11 @@ You may want to disable shortcuts for certain Office applications instead of unp [{Common Programs}]\Microsoft Office 2016\Access 2016.lnk - [{AppvPackageRoot}])office15\MSACCESS.EXE + [{AppvPackageRoot}])office16\MSACCESS.EXE [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico - Microsoft.Office.MSACCESS.EXE.16 + Microsoft.Office.MSACCESS.EXE.15 true Build a professional app quickly to manage data. l @@ -760,36 +691,17 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a 1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - **Note**   - Office App-V packages have two Version IDs: - - - An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - - - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package. - + >**Note** Office App-V packages have two Version IDs: +
      +
    • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • +
    • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • +
      2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. 3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. -### Managing Office 2016 licensing upgrades - -If a new Office 2016 App-V Package has a different license than the Office 2016 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2016 and the new Office 2016 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: - -**How to upgrade an Office 2016 License** - -1. Unpublish the already deployed Office 2016 Subscription Licensing App-V package. - -2. Remove the unpublished Office 2016 Subscription Licensing App-V package. - -3. Restart the computer. - -4. Add the new Office 2016 App-V Package Volume Licensing. - -5. Publish the added Office 2016 App-V Package with Volume Licensing. - -An Office 2016 App-V Package with your chosen licensing will be successfully deployed. ### Deploying Visio 2016 and Project 2016 with Office 
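Review bot: In the `@@ -734,11 +665,11 @@` hunk, the shortcut target moves from `office15\MSACCESS.EXE` to `office16\MSACCESS.EXE`, but the application ID moves the other way, from `Microsoft.Office.MSACCESS.EXE.16` to `Microsoft.Office.MSACCESS.EXE.15`. In an Office 2016 example the two should agree, so check whether the ID change was applied in reverse. The added target line also keeps the stray `)` in `[{AppvPackageRoot}])office16\MSACCESS.EXE`, which is worth removing while the line is open.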
@@ -851,28 +763,21 @@ The following table describes the requirements and options for deploying Visio 2 -  ## Additional resources -**Office 2016 App-V Packages Additional Resources** +[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) + +[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2013 and Office 2010 App-V Packages** - -[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md) - -[Deploying Microsoft Office 2011 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md) - **Connection Groups** [Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) -[Managing Connection Groups](managing-connection-groups51.md) +[Managing Connection Groups](managing-connection-groups.md) **Dynamic Configuration** diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md index 1a49736c59..34ae20a4f8 100644 --- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md +++ b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md 
@@ -29,7 +29,10 @@ Use the following procedure to view and configure default package extensions. 5. To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process. - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). +>**Note** If the upload fails and the size of your configuration file is above 4MB, you will need to increase the maximum file size allowed by the server. This can be done by adding the maxRequestLength attribute with a value greater than the size of your configuration file (in KB) to the httpRuntime element on line 26 of C:\Program Files\Microsoft Application Virtualization Server\ManagementService\Web.config. For example, changing' ' to '' will increase the maximum size to 8MB + + +**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). ## Related topics diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 8f148097cf..888cd863a1 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -287,11 +287,6 @@ MBAM supports the following versions of Configuration Manager.

    64-bit

    - -

    Microsoft System Center 2012 R2 Configuration Manager

    -

    -

    64-bit

    -

    Microsoft System Center 2012 Configuration Manager

    SP1
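Review bot: In the `@@ -29,7 +29,10 @@` hunk of how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md, the example in the added note reads "changing' ' to ''", so neither the before nor the after `httpRuntime` value is visible. Put both element snippets in inline code so they survive rendering. Pointing at "line 26" of Web.config is brittle. Refer to the `httpRuntime` element by name only. Because `maxRequestLength` caps the request size the management service will accept, the note should also tell admins to raise it only as far as the configuration file needs.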

    @@ -301,13 +296,9 @@ MBAM supports the following versions of Configuration Manager.

    Microsoft System Center Configuration Manager 2007 R2 or later

    SP1 or later

    64-bit

    -
    -Note   -

    Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.

    -
    -
    -  -
    + +>**Note** Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software. + @@ -349,29 +340,15 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** coll

    Standard, Enterprise, or Datacenter

    SP1

    64-bit

    - - -

    Microsoft SQL Server 2014

    -

    Standard, Enterprise, or Datacenter

    -

    -

    64-bit

    - - -

    Microsoft SQL Server 2012

    -

    Standard, Enterprise, or Datacenter

    -

    SP2

    -

    64-bit

    -

    Microsoft SQL Server 2012

    Standard, Enterprise, or Datacenter

    -

    SP1

    +

    SP3

    64-bit

    -

    Microsoft SQL Server 2008 R2

    Standard or Enterprise

    -

    SP1, SP2, SP3

    +

    SP3

    64-bit
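Review bot: The SQL Server table hunk (`@@ -349,29 +340,15 @@`) removes the Microsoft SQL Server 2014 row and the SQL Server 2012 SP2 row, leaving SQL Server 2012 and 2008 R2 at SP3 only, and the commit gives no reason. Dropping a newer version from a supported-configurations table while older ones stay reads as a withdrawal of support. Either confirm that this is intended and say so on the page, or restore the rows.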

    diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md index 4ec1527347..e94fb17522 100644 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md @@ -76,7 +76,7 @@ Before you proceed, make sure your environment includes these requirements for r

    .NET Framework 4 or higher

    -

    Windows 8 and Windows 8.1

    +

    Windows 8.1

    Enterprise or Pro

    None

    32-bit or 64-bit

    @@ -91,10 +91,26 @@ Before you proceed, make sure your environment includes these requirements for r

    Windows PowerShell 3.0 or higher

    .NET Framework 4.5

    + +

    Windows 10, pre-1607 verison

    +

    Enterprise or Pro

    +

    +

    32-bit or 64-bit

    +

    Windows PowerShell 3.0 or higher

    +

    .NET Framework 4.5

    + + +

    Windows Server 2016

    +

    Standard or Datacenter

    +

    None

    +

    64-bit

    +

    Windows PowerShell 3.0 or higher

    +

    .NET Framework 4.5

    + -  +**Note:** Starting with Windows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack Also… diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md index 886b343e52..c1ae38e981 100644 --- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md +++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md @@ -45,7 +45,7 @@ This workflow diagram provides a high-level understanding of a UE-V deployment a ![deploymentworkflow](images/deploymentworkflow.png) -**Planning a UE-V deployment:** First, you want to do a little bit of planning so that you can determine which UE-V components you’ll be deploying. Planning a UE-V deployment involves these things: +**Planning a UE-V deployment:** First, you want to do a little bit of planning so that you can determine which UE-V components you’ll be deploying. Planning a UE-V deployment involves these things: - [Decide whether to synchronize settings for custom applications](#deciding) 
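Review bot: In the `@@ -91,10 +91,26 @@` hunk of get-started-with-ue-v-2x-new-uevv2.md, the new row label reads "Windows 10, pre-1607 verison". Correct it to "version". That row also appears to leave the service pack cell empty where the Windows Server 2016 row says "None", and the added note ends at "Microsoft Desktop Optimization Pack" without a period.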
@@ -597,15 +597,19 @@ The UE-V settings storage location and settings template catalog support storing - Format the storage volume with an NTFS file system. -- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991). +- The share can use Distributed File System (DFS) but there are restrictions. +Specifically, Distributed File System Replication (DFS-R) single target configuration with or without a Distributed File System Namespace (DFS-N) is supported. +Likewise, only single target configuration is supported with DFS-N. +For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991) +and also [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009). - In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication. + In addition, because SYSVOL uses DFS-R for replication, SYSVOL cannot be used for UE-V data file replication. - Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the Settings Storage Location for UE-V 2.x](http://technet.microsoft.com/library/dn458891.aspx#ssl). - Use file server clustering along with the UE-V Agent to provide access to copies of user state data in the event of communications failures. -- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both. +- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFS-N shares, or on both. 
### Synchronize computer clocks for UE-V settings synchronization @@ -663,10 +667,10 @@ Before you proceed, make sure your environment includes these requirements for r

    .NET Framework 4.5 or higher

    -

    Windows 10

    +

    Windows 10, pre-1607 version

    Note   -

    Only UE-V 2.1 SP1 supports Windows 10

    +

    Only UE-V 2.1 SP1 supports Windows 10, pre-1607 version

      @@ -685,6 +689,14 @@ Before you proceed, make sure your environment includes these requirements for r

    Windows PowerShell 3.0 or higher

    .NET Framework 4.5 or higher

    + +

    Windows Server 2016

    +

    Standard or Datacenter

    +

    None

    +

    64-bit

    +

    Windows PowerShell 3.0 or higher

    +

    .NET Framework 4.6 or higher

    + @@ -697,6 +709,9 @@ Also… - **Administrative Credentials** for any computer on which you’ll be installing **Note**   + +- Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack. + - The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609). - Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. diff --git a/smb/TOC.md b/smb/TOC.md index 4c2433fafc..2b4214e907 100644 --- a/smb/TOC.md +++ b/smb/TOC.md @@ -1 +1,2 @@ -# [SMB](index.md) +# [Windows 10 for SMB](index.md) +## [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md new file mode 100644 index 0000000000..5c56cb0492 --- /dev/null +++ b/smb/cloud-mode-business-setup.md 
@@ -0,0 +1,578 @@ +--- +title: Deploy and manage a full cloud IT solution for your business +description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices. +keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365 +ms.prod: w10 +ms.technology: smb-windows +ms.topic: hero-article +ms.author: celested +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: smb +author: CelesteDG +--- + +![Are you ready to move to the cloud?](images/business-cloud-mode.png) + +# Get started: Deploy and manage a full cloud IT solution for your business +**Applies to:** + +- Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10 + +In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Windows Store for Business, and Windows 10. We'll show you the basics on how to: +- Acquire an Office 365 business domain +- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant +- Set up Windows Store for Business and manage app deployment and sync with Intune +- Add users and groups in Azure AD and Intune +- Create policies and app deployment rules +- Log in as a user and start using your Windows device + +Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business. + +## Prerequisites +Here's a few things to keep in mind before you get started: +- You'll need a registered domain to successfully go through the walkthrough. + - If you already own a domain, you can add this during the Office 365 setup. + - If you don't already own a domain, you'll have the option to purchase a domain from the Office 365 admin center. We'll show how to do this as part of the walkthrough. 
+- You'll need an email address to create your Office 365 tenant. +- We recommend that you use Internet Explorer for the entire walkthrough. Right click on Internet Explorer and then choose **Start InPrivate Browsing**. + +## 1. Set up your cloud infrastructure +To set up a cloud infrastructure for your organization, follow the steps in this section. + +### 1.1 Set up Office 365 for business +See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: +- Plan your setup +- Create Office 365 accounts and how to add your domain. +- Install Office + +To set up your Office 365 business tenant, see Get Started with Office 365 for business. + +If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started: + +1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**. + + **Figure 1** - Try or buy Office 365 + + ![Office 365 for business sign up](images/office365_tryorbuy_now.png) + +2. Fill out the sign up form and provide information about you and your company. +3. Create a user ID and password to use to sign into your account. + + This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + +4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. +5. Select **You're ready to go...** which will take you to the Office 365 portal. + + > [!NOTE] + > In the Office 365 portal, icons that are greyed out are still installing. 
+ + **Figure 2** - Office 365 portal + + ![Office 365 portal](images/office365_portal.png) + + +6. Select the **Admin** tile to go to the Office 365 admin center. +7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup. + + This may take up to a half hour to complete. + + **Figure 3** - Office 365 admin center + + ![Office 365 admin center](images/office365_admin_portal.png) + + +8. Go back to the Office 365 admin center to add or buy a domain. + 1. Select the **Domains** option. + + **Figure 4** - Option to add or buy a domain + + ![Add or buy a domain in Office 365 admin center](images/office365_buy_domain.png) + + + 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*. + + **Figure 5** - Microsoft-provided domain + + ![Microsoft-provided domain](images/office365_ms_provided_domain.png) + + - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. + - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. + + Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain. + + **Figure 6** - Domains + + ![Verify your domains in Office 365 admin center](images/office365_additional_domain.png) + +### 1.2 Add users and assign product licenses +Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. 
The easiest way to add users is to add them one at a time in the Office 365 admin center. + +When adding users, you can also assign admin privileges to certain users in your team. You'll also want to assign **Product licenses** to each user so that subscriptions can be assigned to the person. + +**To add users and assign product licenses** + +1. In the Office 365 admin center, select **Users > Active users**. + + **Figure 7** - Add users + + ![Add Office 365 users](images/office365_users.png) + +2. In the **Home > Active users** page, add users individually or in bulk. + - To add users one at a time, select **+ Add a user**. + + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the Office 365 admin center* in Add users individually or in bulk to Office 365 - Admin Help. + + **Figure 8** - Add an individual user + + ![Add an individual user](images/office365_add_individual_user.png) + + - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. + + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + + **Figure 9** - Import multiple users + + ![Import multiple users](images/office365_import_multiple_users.png) + +3. 
Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. + + **Figure 10** - List of active users + + ![Verify users and assigned product licenses](images/o365_active_users.png) + +### 1.3 Add Microsoft Intune +Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? + +**To add Microsoft Intune to your tenant** + +1. In the Office 365 admin center, select **Billing > Purchase services**. +2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now. +3. Confirm your order to enable access to Microsoft Intune. +4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. + + **Figure 11** - Assign Intune licenses + + ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png) + +5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. +6. Select **Intune**. This will take you to the Intune management portal. + + **Figure 12** - Microsoft Intune management portal + + ![Microsoft Intune management portal](images/intune_portal_home.png) + +Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Windows Store for Business for app distribution](#17-configure-windows-store-for-business-for-app-distribution). 
+ +### 1.4 Add Azure AD to your domain +Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage apps across a global network of Microsoft-managed datacenters. In this walkthrough, we won't be using the full power of Azure and we'll primarily use it to create groups that we then use for provisioning through Intune. + +**To add Azure AD to your domain** + +1. In the Office 365 admin center, select **Admin centers > Azure AD**. + + > [!NOTE] + > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. + +2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription. + + **Figure 13** - Access to Azure AD is not available + + ![Access to Azure AD not available](images/azure_ad_access_not_available.png) + +3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365. +4. Click **Azure subscription**. This will take you to a free trial sign up screen. + + **Figure 14** - Sign up for Microsoft Azure + + ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png) + +5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. +6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. + + **Figure 15** - Start managing your Azure subscription + + ![Start managing your Azure subscription](images/azure_ad_successful_signup.png) + + This will take you to the Microsoft Azure portal. + +### 1.5 Add groups in Azure AD +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. 
For more information, see Managing access to resources with Azure Active Directory groups. + +To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. + +**To add groups in Azure AD** + +1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use. + + Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. + + **Figure 16** - Azure first sign-in screen + + ![Select Azure AD](images/azure_portal_classic_configure_directory.png) + +2. Select the directory (such as Fabrikam Design) to go to the directory's home page. + + **Figure 17** - Directory home page + + ![Directory home page](images/azure_portal_classic_directory_ready.png) + +3. From the menu options on top, select **Groups**. + + **Figure 18** - Azure AD groups + + ![Add groups in Azure AD](images/azure_portal_classic_groups.png) + +4. Select **Add a group** (from the top) or **Add group** at the bottom. +5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. + + **Figure 19** - Newly added group in Azure AD + + ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png) + +6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. + + The members that were added to the group will appear on the list. + + **Figure 20** - Members in the new group + + ![Members added to the new group](images/azure_portal_classic_members_added.png) + +7. Repeat steps 2-6 to add other groups. 
You can add groups based on their roles in your company, based on the apps that each group can use, and so on. + +### 1.6 Configure automatic MDM enrollment with Intune +Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in. + +You can read this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. + +> [!IMPORTANT] +> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. + +**To enable automatic MDM enrollment** + +1. In to the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. + + The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. + + **Figure 21** - List of applications for your company + + ![List of applications for your company](images/azure_portal_classic_applications.png) + +2. Select **Microsoft Intune** to configure the application. +3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. + + **Figure 22** - Configure Microsoft Intune in Azure + + ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png) + +4. In the Microsoft Intune configuration page: + - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. 
+ + > [!NOTE] + > The URLs are automatically configured for your Azure AD tenant so you don't need to change them. + + - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune. + - **All** will enable all users' Windows 10 devices to be managed by Intune. + - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune. + + > [!NOTE] + > In this step, choose the group that contains all the users in your organization as members. This is the **All** group. + +5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune. + + **Figure 23** - Configure Microsoft Intune + + ![Configure automatic MDM enrollment with Intune](images/azure_portal_classic_configure_intune_mdm_enrollment.png) + +### 1.7 Configure Windows Store for Business for app distribution +Next, you'll need to configure Windows Store for Business to distribute apps with a management tool such as Intune. + +In this part of the walkthrough, we'll be working on the Microsoft Intune management portal and Windows Store for Business. + +**To associate your Store account with Intune and configure synchronization** + +1. From the Microsoft Intune management portal, select **Admin**. +2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first tiem you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. + + **Figure 24** - Mobile device management + + ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png) + +3. Sign into Windows Store for Business using the same tenant account that you used to sign into Intune. +4. Accept the EULA. +5. In the Store portal, select **Settings > Management tools** to go to the management tools page. +6. 
In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Windows Store for Business. + + **Figure 25** - Activate Intune as the Store management tool + + ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png) + +7. Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. +8. In the **Windows Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. + + **Figure 26** - Configure Store for Business sync in Intune + + ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png) + +9. In the **Configure Windows Store for Business app sync** dialog box, check **Enable Windows Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. + + **Figure 27** - Enable Windows Store for Business sync in Intune + + ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png) + + The **Windows Store for Business** page will refresh and it will show the details from the sync. + +**To buy apps from the Store** + +In your Windows Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: +- Sway +- OneNote +- PowerPoint Mobile +- Excel Mobile +- Word Mobile + +In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. + +In the following example, we'll show you how to buy apps through the Windows Store for Business and then make sure the apps appear on Intune. + +**Example 1 - Add other apps like Reader and InstaNote** + +1. 
In the Windows Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. + + **Figure 28** - Shop for Store apps + + ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png) + +2. Click to select an app, such as **Reader**. This opens the app page. +3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. +4. In the app's Store page, click **Add to private store**. +5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app. +6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory. + + **Figure 29** - App inventory shows the purchased apps + + ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png) + + > [!NOTE] + > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). + +**To sync recently purchased apps** + +If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync. + +1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. +2. In the **Windows Store for Business** page, click **Sync now** to force a sync. + + **Figure 30** - Force a sync in Intune + + ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png) + +**To view purchased apps** +- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. 
+ +**To add more apps** +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. + +## 2. Set up devices + +### 2.1 Set up new devices +To set up new Windows devices, go through the Windows initial device setup or first-run experience to configure your device. + +**To set up a device** +1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you: + - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone + - Accept the EULA + - Customize the setup or use Express settings + + **Figure 31** - First screen in Windows device setup + + ![First screen in Windows device setup](images/win10_hithere.png) + + > [!NOTE] + > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. + +2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**. +3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**. + + **Figure 32** - Choose how you'll connect your Windows device + + ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png) + +4. In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. + + **Figure 33** - Sign in using one of the accounts you added + + ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png) + +5. 
If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. + + Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled. + +### 2.2 Verify correct device setup +Verify that the device is set up correctly and boots without any issues. + +**To verify that the device was set up correctly** +1. Click on the **Start** menu and select some of the options to make sure everything launches properly. +2. Confirm that the Store and built-in apps are working. + +### 2.3 Verify the device is Azure AD joined +In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. + +**To verify if the device is joined to Azure AD** +1. Check the device name on your PC. To do this, on your Windows PC, select **Settings > System > About** and then check **PC name**. + + **Figure 34** - Check the PC name on your device + + ![Check the PC name on your device](images/win10_settings_pcname.png) + +2. Log in to the Intune management portal. +3. Select **Groups** and then go to **Devices**. +4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. + - Check that the device name appears in the list. Select the device and it will also show the user that's currently logged in in the **General Information** section. + - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**. + - Check the **AAD Registered** column and confirm that it says **Yes**. + + **Figure 35** - Check that the device appears in Intune + + ![Check that the device appears in Intune](images/intune_groups_devices_list.png) + +## 3. Manage device settings and features +You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. 
For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). + +In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup. + +### 3.1 Reconfigure app deployment settings +In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible. + +**To reconfigure app deployment settings** +1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**. +2. Select the app, right-click, then select **Manage Deployment...**. +3. Select the group(s) whose apps will be managed, and then click **Add** to add the group. +4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. +5. For each group that you selected, set **Approval** to **Required Install**. This automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**. + + **Figure 36** - Reconfigure an app's deployment setting in Intune + + ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png) + +6. Click **Finish**. +7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. +6. Verify that the app shows up on the device. To do this: + - Make sure you're logged in to the Windows device. + - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. 
Only apps that aren't already deployed on the device will appear in the **Recently added** section. + + **Figure 37** - Confirm that additional apps were deployed to the device + + ![Confirm that additiional apps were deployed to the device](images/win10_deploy_apps_immediately.png) + +### 3.2 Configure other settings in Intune + +**To disable the camera** +1. In the Intune management portal, select **Policy > Configuration Policies**. +2. In the **Policies** window, click **Add** to create a new policy. +3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. +4. On the **Create Policy** page, select **Device Capabilities**. +5. In the **General** section, add a name and description for this policy. For example: + - **Name**: Test Policy - Disable Camera + - **Description**: Disables the camera +6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list. + + **Figure 38** - Add a configuration policy + + ![Add a configuration policy](images/intune_policy_disablecamera.png) + +7. Click **Save Policy**. A confirmation window will pop up. +8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. +9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**. +10. Click **OK** to close the window. + + **Figure 39** - The new policy should appear in the **Policies** list. + + ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png) + +**To turn off Windows Hello and PINs during device setup** +1. In the Intune management portal, select **Admin**. +2. 
Go to **Mobile Device Management > Windows > Windows Hello for Business**. +3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. + + **Figure 40** - Policy to disable Windows Hello for Business + + ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png) + +4. Click **Save**. + + > [!NOTE] + > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant. + +To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users. + +## 4. Add more devices and users +After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more devices or users and you want the same policies to apply to these new devices and users. In this section, we'll show you how to do this. + +### 4.1 Connect other devices to your cloud infrastructure +Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [2. Set up devices](#2-set-up-devices). + +For other devices, such as those personally-owned by employees who need to connect to the corporate network to access corporate resources (BYOD), you can follow the steps in this section to get these devices connected. + + > [!NOTE] + > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device. + +**To connect a personal device to your work or school** +1. On your Windows device, go to **Settings > Accounts**. +2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page. +3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device. 
+ + **Figure 41** - Add an Azure AD account to the device + + ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png) + +4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. + + **Figure 42** - Enter the account details + + ![Enter the account details](images/win10_add_new_user_account_aadwork.png) + +5. You will be asked to update the password so enter a new password. +6. Verify the details to make sure you're connecting to the right organization and then click **Join**. + + **Figure 43** - Make sure this is your organization + + ![Make sure this is your organization](images/win10_confirm_organization_details.png) + +7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. + + **Figure 44** - Confirmation that the device is now connected + + ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png) + +8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. + + **Figure 45** - Device is now enrolled in Azure AD + + ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png) + +9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. + +### 4.2 Add a new user +You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Microsoft Intune. 
+ +See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well. + +## Get more info + +### For IT admins +To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: +- Set up Office 365 for business +- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 +- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- Learn more about Windows 10 in Windows 10 guide for IT pros +- Info about distributing apps to your employees, managing apps, managing settings, and more in Windows Store for Business + +### For information workers +Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: +- Office help and training +- Windows 10 help + +## Related topics + +- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index) diff --git a/smb/images/azure_ad_access_not_available.PNG b/smb/images/azure_ad_access_not_available.PNG new file mode 100644 index 0000000000..754ff011ea Binary files /dev/null and b/smb/images/azure_ad_access_not_available.PNG differ diff --git a/smb/images/azure_ad_sign_up_screen.PNG b/smb/images/azure_ad_sign_up_screen.PNG new file mode 100644 index 0000000000..3c369cfd5b Binary files /dev/null and b/smb/images/azure_ad_sign_up_screen.PNG differ diff --git a/smb/images/azure_ad_successful_signup.PNG b/smb/images/azure_ad_successful_signup.PNG new file mode 100644 index 0000000000..197744f309 Binary files /dev/null and b/smb/images/azure_ad_successful_signup.PNG differ 
diff --git a/smb/images/azure_portal_azure_ad_management.PNG b/smb/images/azure_portal_azure_ad_management.PNG new file mode 100644 index 0000000000..6401aa910b Binary files /dev/null and b/smb/images/azure_portal_azure_ad_management.PNG differ diff --git a/smb/images/azure_portal_azure_ad_management_users_groups.png b/smb/images/azure_portal_azure_ad_management_users_groups.png new file mode 100644 index 0000000000..5010765800 Binary files /dev/null and b/smb/images/azure_portal_azure_ad_management_users_groups.png differ diff --git a/smb/images/azure_portal_classic.PNG b/smb/images/azure_portal_classic.PNG new file mode 100644 index 0000000000..15132f7a07 Binary files /dev/null and b/smb/images/azure_portal_classic.PNG differ diff --git a/smb/images/azure_portal_classic_add_group.PNG b/smb/images/azure_portal_classic_add_group.PNG new file mode 100644 index 0000000000..417e9b8a72 Binary files /dev/null and b/smb/images/azure_portal_classic_add_group.PNG differ diff --git a/smb/images/azure_portal_classic_all_users_group.PNG b/smb/images/azure_portal_classic_all_users_group.PNG new file mode 100644 index 0000000000..55988d9c6c Binary files /dev/null and b/smb/images/azure_portal_classic_all_users_group.PNG differ diff --git a/smb/images/azure_portal_classic_applications.PNG b/smb/images/azure_portal_classic_applications.PNG new file mode 100644 index 0000000000..9c39a28e08 Binary files /dev/null and b/smb/images/azure_portal_classic_applications.PNG differ diff --git a/smb/images/azure_portal_classic_configure_directory.png b/smb/images/azure_portal_classic_configure_directory.png new file mode 100644 index 0000000000..1cece3e84c Binary files /dev/null and b/smb/images/azure_portal_classic_configure_directory.png differ 
diff --git a/smb/images/azure_portal_classic_configure_intune.PNG b/smb/images/azure_portal_classic_configure_intune.PNG new file mode 100644 index 0000000000..0daddd7e83 Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune.PNG differ diff --git a/smb/images/azure_portal_classic_configure_intune_app.png b/smb/images/azure_portal_classic_configure_intune_app.png new file mode 100644 index 0000000000..1110714b7c Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune_app.png differ diff --git a/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG b/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG new file mode 100644 index 0000000000..a85a28dd7d Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG differ diff --git a/smb/images/azure_portal_classic_directory_ready.PNG b/smb/images/azure_portal_classic_directory_ready.PNG new file mode 100644 index 0000000000..d627036ca3 Binary files /dev/null and b/smb/images/azure_portal_classic_directory_ready.PNG differ diff --git a/smb/images/azure_portal_classic_groups.PNG b/smb/images/azure_portal_classic_groups.PNG new file mode 100644 index 0000000000..a746a0b21b Binary files /dev/null and b/smb/images/azure_portal_classic_groups.PNG differ diff --git a/smb/images/azure_portal_classic_members_added.PNG b/smb/images/azure_portal_classic_members_added.PNG new file mode 100644 index 0000000000..5cb5864330 Binary files /dev/null and b/smb/images/azure_portal_classic_members_added.PNG differ diff --git a/smb/images/azure_portal_home.PNG b/smb/images/azure_portal_home.PNG new file mode 100644 index 0000000000..5f0dcf4c5d Binary files /dev/null and b/smb/images/azure_portal_home.PNG differ 
diff --git a/smb/images/azure_portal_select_azure_ad.png b/smb/images/azure_portal_select_azure_ad.png new file mode 100644 index 0000000000..694d30cbdd Binary files /dev/null and b/smb/images/azure_portal_select_azure_ad.png differ diff --git a/smb/images/business-cloud-mode-graphic.png b/smb/images/business-cloud-mode-graphic.png new file mode 100644 index 0000000000..449b7ca356 Binary files /dev/null and b/smb/images/business-cloud-mode-graphic.png differ diff --git a/smb/images/business-cloud-mode.png b/smb/images/business-cloud-mode.png new file mode 100644 index 0000000000..f524b42372 Binary files /dev/null and b/smb/images/business-cloud-mode.png differ diff --git a/smb/images/deploy.png b/smb/images/deploy.png new file mode 100644 index 0000000000..8fe505f77e Binary files /dev/null and b/smb/images/deploy.png differ diff --git a/smb/images/deploy_art.png b/smb/images/deploy_art.png new file mode 100644 index 0000000000..5f2a6d0978 Binary files /dev/null and b/smb/images/deploy_art.png differ diff --git a/smb/images/intune_admin_mdm.PNG b/smb/images/intune_admin_mdm.PNG new file mode 100644 index 0000000000..3b334b27d5 Binary files /dev/null and b/smb/images/intune_admin_mdm.PNG differ diff --git a/smb/images/intune_admin_mdm_configure.png b/smb/images/intune_admin_mdm_configure.png new file mode 100644 index 0000000000..0a9cb4b99f Binary files /dev/null and b/smb/images/intune_admin_mdm_configure.png differ diff --git a/smb/images/intune_admin_mdm_forcesync.PNG b/smb/images/intune_admin_mdm_forcesync.PNG new file mode 100644 index 0000000000..96d085a261 Binary files /dev/null and b/smb/images/intune_admin_mdm_forcesync.PNG differ diff --git a/smb/images/intune_admin_mdm_store_sync.PNG b/smb/images/intune_admin_mdm_store_sync.PNG new file mode 100644 index 0000000000..3b884371b0 Binary files /dev/null and b/smb/images/intune_admin_mdm_store_sync.PNG differ 
diff --git a/smb/images/intune_apps_deploymentaction.PNG b/smb/images/intune_apps_deploymentaction.PNG new file mode 100644 index 0000000000..0c769017d2 Binary files /dev/null and b/smb/images/intune_apps_deploymentaction.PNG differ diff --git a/smb/images/intune_configure_store_app_sync_dialog.PNG b/smb/images/intune_configure_store_app_sync_dialog.PNG new file mode 100644 index 0000000000..abb41318f1 Binary files /dev/null and b/smb/images/intune_configure_store_app_sync_dialog.PNG differ diff --git a/smb/images/intune_groups_devices_list.PNG b/smb/images/intune_groups_devices_list.PNG new file mode 100644 index 0000000000..f571847bc7 Binary files /dev/null and b/smb/images/intune_groups_devices_list.PNG differ diff --git a/smb/images/intune_policies_newpolicy_deployed.PNG b/smb/images/intune_policies_newpolicy_deployed.PNG new file mode 100644 index 0000000000..72cb4d5db3 Binary files /dev/null and b/smb/images/intune_policies_newpolicy_deployed.PNG differ diff --git a/smb/images/intune_policy_disable_windowshello.PNG b/smb/images/intune_policy_disable_windowshello.PNG new file mode 100644 index 0000000000..2b7300c9ce Binary files /dev/null and b/smb/images/intune_policy_disable_windowshello.PNG differ diff --git a/smb/images/intune_policy_disablecamera.PNG b/smb/images/intune_policy_disablecamera.PNG new file mode 100644 index 0000000000..53fd969c00 Binary files /dev/null and b/smb/images/intune_policy_disablecamera.PNG differ diff --git a/smb/images/intune_portal_home.PNG b/smb/images/intune_portal_home.PNG new file mode 100644 index 0000000000..b63295fe42 Binary files /dev/null and b/smb/images/intune_portal_home.PNG differ diff --git a/smb/images/learn.png b/smb/images/learn.png new file mode 100644 index 0000000000..9e8f87f436 Binary files /dev/null and b/smb/images/learn.png differ diff --git a/smb/images/learn_art.png b/smb/images/learn_art.png new file mode 100644 index 0000000000..1170f9ca26 Binary files /dev/null and b/smb/images/learn_art.png differ 
diff --git a/smb/images/o365_active_users.PNG b/smb/images/o365_active_users.PNG new file mode 100644 index 0000000000..8ab381a59d Binary files /dev/null and b/smb/images/o365_active_users.PNG differ diff --git a/smb/images/o365_add_existing_domain.PNG b/smb/images/o365_add_existing_domain.PNG new file mode 100644 index 0000000000..e29cdca3f9 Binary files /dev/null and b/smb/images/o365_add_existing_domain.PNG differ diff --git a/smb/images/o365_additional_domain.PNG b/smb/images/o365_additional_domain.PNG new file mode 100644 index 0000000000..5682fb15f7 Binary files /dev/null and b/smb/images/o365_additional_domain.PNG differ diff --git a/smb/images/o365_admin_portal.PNG b/smb/images/o365_admin_portal.PNG new file mode 100644 index 0000000000..cfbf696310 Binary files /dev/null and b/smb/images/o365_admin_portal.PNG differ diff --git a/smb/images/o365_assign_intune_license.PNG b/smb/images/o365_assign_intune_license.PNG new file mode 100644 index 0000000000..261f096a98 Binary files /dev/null and b/smb/images/o365_assign_intune_license.PNG differ diff --git a/smb/images/o365_domains.PNG b/smb/images/o365_domains.PNG new file mode 100644 index 0000000000..ca79f71f54 Binary files /dev/null and b/smb/images/o365_domains.PNG differ diff --git a/smb/images/o365_microsoft_provided_domain.PNG b/smb/images/o365_microsoft_provided_domain.PNG new file mode 100644 index 0000000000..b2a05eb5a9 Binary files /dev/null and b/smb/images/o365_microsoft_provided_domain.PNG differ diff --git a/smb/images/o365_trynow.PNG b/smb/images/o365_trynow.PNG new file mode 100644 index 0000000000..5810f3e0f9 Binary files /dev/null and b/smb/images/o365_trynow.PNG differ diff --git a/smb/images/o365_users.PNG b/smb/images/o365_users.PNG new file mode 100644 index 0000000000..e0b462a8c5 Binary files /dev/null and b/smb/images/o365_users.PNG differ 
diff --git a/smb/images/office365_add_individual_user.PNG b/smb/images/office365_add_individual_user.PNG new file mode 100644 index 0000000000..87f674fa10 Binary files /dev/null and b/smb/images/office365_add_individual_user.PNG differ diff --git a/smb/images/office365_additional_domain.png b/smb/images/office365_additional_domain.png new file mode 100644 index 0000000000..940a090477 Binary files /dev/null and b/smb/images/office365_additional_domain.png differ diff --git a/smb/images/office365_admin_center.png b/smb/images/office365_admin_center.png new file mode 100644 index 0000000000..26808fc27c Binary files /dev/null and b/smb/images/office365_admin_center.png differ diff --git a/smb/images/office365_admin_portal.png b/smb/images/office365_admin_portal.png new file mode 100644 index 0000000000..fe0f81bda0 Binary files /dev/null and b/smb/images/office365_admin_portal.png differ diff --git a/smb/images/office365_buy_domain.png b/smb/images/office365_buy_domain.png new file mode 100644 index 0000000000..51ea9c1e6c Binary files /dev/null and b/smb/images/office365_buy_domain.png differ diff --git a/smb/images/office365_create_userid.png b/smb/images/office365_create_userid.png new file mode 100644 index 0000000000..fc3d070841 Binary files /dev/null and b/smb/images/office365_create_userid.png differ diff --git a/smb/images/office365_domains.png b/smb/images/office365_domains.png new file mode 100644 index 0000000000..51ea9c1e6c Binary files /dev/null and b/smb/images/office365_domains.png differ diff --git a/smb/images/office365_import_multiple_users.PNG b/smb/images/office365_import_multiple_users.PNG new file mode 100644 index 0000000000..c1b05fa2c9 Binary files /dev/null and b/smb/images/office365_import_multiple_users.PNG differ diff --git a/smb/images/office365_ms_provided_domain.png b/smb/images/office365_ms_provided_domain.png new file mode 100644 index 0000000000..18479da421 Binary files /dev/null and b/smb/images/office365_ms_provided_domain.png differ 
diff --git a/smb/images/office365_plan_subscription_checkout.png b/smb/images/office365_plan_subscription_checkout.png new file mode 100644 index 0000000000..340336c39e Binary files /dev/null and b/smb/images/office365_plan_subscription_checkout.png differ diff --git a/smb/images/office365_portal.png b/smb/images/office365_portal.png new file mode 100644 index 0000000000..f3a23d4a65 Binary files /dev/null and b/smb/images/office365_portal.png differ diff --git a/smb/images/office365_signup_page.png b/smb/images/office365_signup_page.png new file mode 100644 index 0000000000..ce2de7f034 Binary files /dev/null and b/smb/images/office365_signup_page.png differ diff --git a/smb/images/office365_trynow.png b/smb/images/office365_trynow.png new file mode 100644 index 0000000000..72aaeb923a Binary files /dev/null and b/smb/images/office365_trynow.png differ diff --git a/smb/images/office365_tryorbuy_now.png b/smb/images/office365_tryorbuy_now.png new file mode 100644 index 0000000000..760e3a74cc Binary files /dev/null and b/smb/images/office365_tryorbuy_now.png differ diff --git a/smb/images/office365_users.png b/smb/images/office365_users.png new file mode 100644 index 0000000000..ec9231de1b Binary files /dev/null and b/smb/images/office365_users.png differ diff --git a/smb/images/smb_portal_banner.png b/smb/images/smb_portal_banner.png new file mode 100644 index 0000000000..e38560ab5a Binary files /dev/null and b/smb/images/smb_portal_banner.png differ diff --git a/smb/images/win10_add_new_user_account_aadwork.PNG b/smb/images/win10_add_new_user_account_aadwork.PNG new file mode 100644 index 0000000000..378339b1e9 Binary files /dev/null and b/smb/images/win10_add_new_user_account_aadwork.PNG differ diff --git a/smb/images/win10_add_new_user_join_aad.PNG b/smb/images/win10_add_new_user_join_aad.PNG new file mode 100644 index 0000000000..7924250993 Binary files /dev/null and b/smb/images/win10_add_new_user_join_aad.PNG differ 
diff --git a/smb/images/win10_change_your_password.PNG b/smb/images/win10_change_your_password.PNG new file mode 100644 index 0000000000..bf9f164290 Binary files /dev/null and b/smb/images/win10_change_your_password.PNG differ diff --git a/smb/images/win10_choosehowtoconnect.PNG b/smb/images/win10_choosehowtoconnect.PNG new file mode 100644 index 0000000000..0a561b1913 Binary files /dev/null and b/smb/images/win10_choosehowtoconnect.PNG differ diff --git a/smb/images/win10_confirm_device_connected_to_org.PNG b/smb/images/win10_confirm_device_connected_to_org.PNG new file mode 100644 index 0000000000..a70849ebe8 Binary files /dev/null and b/smb/images/win10_confirm_device_connected_to_org.PNG differ diff --git a/smb/images/win10_confirm_organization_details.PNG b/smb/images/win10_confirm_organization_details.PNG new file mode 100644 index 0000000000..54605d39fe Binary files /dev/null and b/smb/images/win10_confirm_organization_details.PNG differ diff --git a/smb/images/win10_deivce_enrolled_in_aad.PNG b/smb/images/win10_deivce_enrolled_in_aad.PNG new file mode 100644 index 0000000000..a2c60c114e Binary files /dev/null and b/smb/images/win10_deivce_enrolled_in_aad.PNG differ diff --git a/smb/images/win10_deploy_apps_immediately.PNG b/smb/images/win10_deploy_apps_immediately.PNG new file mode 100644 index 0000000000..1e63f77939 Binary files /dev/null and b/smb/images/win10_deploy_apps_immediately.PNG differ diff --git a/smb/images/win10_device_enrolled_in_aad.png b/smb/images/win10_device_enrolled_in_aad.png new file mode 100644 index 0000000000..a2c60c114e Binary files /dev/null and b/smb/images/win10_device_enrolled_in_aad.png differ diff --git a/smb/images/win10_device_setup_complete.PNG b/smb/images/win10_device_setup_complete.PNG new file mode 100644 index 0000000000..454e30a441 Binary files /dev/null and b/smb/images/win10_device_setup_complete.PNG differ 
diff --git a/smb/images/win10_hithere.PNG b/smb/images/win10_hithere.PNG new file mode 100644 index 0000000000..b251b8eb7c Binary files /dev/null and b/smb/images/win10_hithere.PNG differ diff --git a/smb/images/win10_settings_pcname.PNG b/smb/images/win10_settings_pcname.PNG new file mode 100644 index 0000000000..ff815b0a8a Binary files /dev/null and b/smb/images/win10_settings_pcname.PNG differ diff --git a/smb/images/win10_signin_admin_account.PNG b/smb/images/win10_signin_admin_account.PNG new file mode 100644 index 0000000000..e6df613284 Binary files /dev/null and b/smb/images/win10_signin_admin_account.PNG differ diff --git a/smb/images/wsfb_account_details.PNG b/smb/images/wsfb_account_details.PNG new file mode 100644 index 0000000000..7a2594ec3f Binary files /dev/null and b/smb/images/wsfb_account_details.PNG differ diff --git a/smb/images/wsfb_account_details_2.PNG b/smb/images/wsfb_account_details_2.PNG new file mode 100644 index 0000000000..7e38f20099 Binary files /dev/null and b/smb/images/wsfb_account_details_2.PNG differ diff --git a/smb/images/wsfb_account_signup_saveinfo.PNG b/smb/images/wsfb_account_signup_saveinfo.PNG new file mode 100644 index 0000000000..f29280352b Binary files /dev/null and b/smb/images/wsfb_account_signup_saveinfo.PNG differ diff --git a/smb/images/wsfb_manage_inventory_newapps.PNG b/smb/images/wsfb_manage_inventory_newapps.PNG new file mode 100644 index 0000000000..070728fcad Binary files /dev/null and b/smb/images/wsfb_manage_inventory_newapps.PNG differ diff --git a/smb/images/wsfb_management_tools.PNG b/smb/images/wsfb_management_tools.PNG new file mode 100644 index 0000000000..82d11a9a25 Binary files /dev/null and b/smb/images/wsfb_management_tools.PNG differ diff --git a/smb/images/wsfb_management_tools_activate.png b/smb/images/wsfb_management_tools_activate.png new file mode 100644 index 0000000000..bb2ffd99ad Binary files /dev/null and b/smb/images/wsfb_management_tools_activate.png differ 
diff --git a/smb/images/wsfb_shop_microsoft_apps.PNG b/smb/images/wsfb_shop_microsoft_apps.PNG new file mode 100644 index 0000000000..562f3fd1e3 Binary files /dev/null and b/smb/images/wsfb_shop_microsoft_apps.PNG differ diff --git a/smb/images/wsfb_signup_for_account.PNG b/smb/images/wsfb_signup_for_account.PNG new file mode 100644 index 0000000000..d641587c5e Binary files /dev/null and b/smb/images/wsfb_signup_for_account.PNG differ diff --git a/smb/images/wsfb_store_portal.PNG b/smb/images/wsfb_store_portal.PNG new file mode 100644 index 0000000000..03a4ad928e Binary files /dev/null and b/smb/images/wsfb_store_portal.PNG differ diff --git a/smb/index.md b/smb/index.md index eaeb8132cd..b15093ddee 100644 --- a/smb/index.md +++ b/smb/index.md @@ -1,4 +1,45 @@ --- -title: SMB placeholder -description: SMB placeholder +title: Windows 10 for small to midsize businesses +description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business. +keywords: Windows 10, SMB, small business, midsize business, business +ms.prod: w10 +ms.technology: smb-windows +ms.topic: article +ms.author: celested +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: smb +author: CelesteDG --- + +![Windows 10 for SMB](images/smb_portal_banner.png) + +# Windows 10 for SMB + + +## ![Learn more about Windows and other resources for SMBs](images/learn.png) Learn + +
    +
    +

    Windows 10 for business
    Learn how Windows 10 and Windows devices can help your business.

    +

    SMB blog
    Read about the latest stories, technology insights, and business strategies for SMBs.

    +
    +
    +

    How to buy
    Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.

    +
    +
    + +## ![Deploy a Microsoft solution for your business](images/deploy.png) Deploy + +
    +
    +

    [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)
    Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.

    +
    +
    +

    +
    +
    + + ## Related topics + +- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index) \ No newline at end of file diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 98951382e3..38e3354323 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md 
@@ -1,18 +1,18 @@ # [Deploy Windows 10](index.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) -## [Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) -### [Upgrade Analytics architecture](upgrade-analytics-architecture.md) -### [Upgrade Analytics requirements](upgrade-analytics-requirements.md) -### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md) -### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) -#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) -### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) -#### [Upgrade overview](upgrade-analytics-upgrade-overview.md) -#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md) -#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md) -#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) -#### [Additional insights](upgrade-analytics-additional-insights.md) -### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md) +## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) +### [Upgrade Readiness architecture](upgrade-readiness-architecture.md) +### [Upgrade Readiness requirements](upgrade-readiness-requirements.md) +### [Upgrade Readiness release notes](upgrade-readiness-release-notes.md) +### [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) +#### [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) +### [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md) +#### [Upgrade overview](upgrade-readiness-upgrade-overview.md) +#### [Step 1: Identify apps](upgrade-readiness-identify-apps.md) +#### [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md) +#### [Step 3: Deploy Windows](upgrade-readiness-deploy-windows.md) +#### 
[Additional insights](upgrade-readiness-additional-insights.md) +### [Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md) ## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) ### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) ### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) @@ -51,6 +51,7 @@ ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) +## [Convert MBR partition to GPT](mbr-to-gpt.md) ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) ## [Windows 10 upgrade paths](windows-10-upgrade-paths.md) ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index 879a5b978f..d2629f839f 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md 
@@ -11,17 +11,28 @@ author: greg-lindsay # Change history for Deploy Windows 10 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). -## January 2017 +## March 2017 | New or changed topic | Description | |----------------------|-------------| +| [Convert MBR partition to GPT](mbr-to-gpt.md) | New | + +## February 2017 +| New or changed topic | Description | +|----------------------|-------------| +| [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. | +| [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes | | [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content | | [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started | -| [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting | +| [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting | | [Upgrade Analytics - Upgrade overview](upgrade-analytics-upgrade-overview.md) | New | | [Upgrade Analytics - Step 1: Identify important apps](upgrade-analytics-identify-apps.md) | Updated topic title and content | | [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade-analytics-resolve-issues.md) | New | | [Upgrade Analytics - Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) | New | | [Upgrade Analytics - Additional insights](upgrade-analytics-additional-insights.md) | New | + +## January 2017 +| New or changed topic | Description | 
+|----------------------|-------------| | [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New | | [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New | | [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | @@ -33,7 +44,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc | [NFC-based device provisioning](provisioning-nfc.md) | New (previously published in Hardware Dev Center on MSDN) | | [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) | New (previously published in Hardware Dev Center on MSDN) | | [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) | New (previously published in Hardware Dev Center on MSDN) | -| [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) | +| [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) | | [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog | | [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) | | [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) | 
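Review bot: In the first hunk of this file (`@@ -11,17 +11,28 @@`), re-adding the `## January 2017` heading lower down moves the existing rows from `Get started with Upgrade Analytics` through `Upgrade Analytics - Additional insights` under the new `## February 2017` heading, and those rows still link to `upgrade-analytics-*.md` while the TOC change in this same patch points at `upgrade-readiness-*.md`. If the re-dating is intended, say so in the commit message; either way, confirm each old `upgrade-analytics-*.md` file remains as a redirect stub, or update these links to the new file names so the change history does not carry dead links. The `-`/`+` pair for the `Windows ICD command-line interface (reference)` row in the last hunk shows no visible text change, so drop it if it is whitespace only.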
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index 9591616e9d..f0830b38a4 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md @@ -163,6 +163,9 @@ ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ``` +>[!TIP] +>If you start the PXE boot process, but receive the error that "The boot configuration data for your PC is missing or contains errors" then verify that \\boot directory is installed under the correct TFTP server root directory. In the example used here the name of this directory is TFTPRoot, but your TFTP server might be different. + ## PXE boot process summary The following summarizes the PXE client boot process. diff --git a/windows/deploy/images/mbr2gpt-volume.PNG b/windows/deploy/images/mbr2gpt-volume.PNG new file mode 100644 index 0000000000..d69bed87fb Binary files /dev/null and b/windows/deploy/images/mbr2gpt-volume.PNG differ diff --git a/windows/deploy/images/mbr2gpt-workflow.png b/windows/deploy/images/mbr2gpt-workflow.png new file mode 100644 index 0000000000..f7741cf0c3 Binary files /dev/null and b/windows/deploy/images/mbr2gpt-workflow.png differ diff --git a/windows/deploy/images/ua-cg-08.png b/windows/deploy/images/ua-cg-08.png index 4d7f924d76..f256b2f097 100644 Binary files a/windows/deploy/images/ua-cg-08.png and b/windows/deploy/images/ua-cg-08.png differ diff --git a/windows/deploy/images/ua-cg-09-old.png b/windows/deploy/images/ua-cg-09-old.png new file mode 100644 index 0000000000..b9aa1cea41 Binary files /dev/null and b/windows/deploy/images/ua-cg-09-old.png differ diff --git a/windows/deploy/images/ua-cg-09.png b/windows/deploy/images/ua-cg-09.png index b9aa1cea41..0150a24ee5 100644 Binary files a/windows/deploy/images/ua-cg-09.png and b/windows/deploy/images/ua-cg-09.png differ 
diff --git a/windows/deploy/images/ua-cg-15.png b/windows/deploy/images/ua-cg-15.png index 5362db66da..009315fc4a 100644 Binary files a/windows/deploy/images/ua-cg-15.png and b/windows/deploy/images/ua-cg-15.png differ diff --git a/windows/deploy/images/ua-cg-17.png b/windows/deploy/images/ua-cg-17.png new file mode 100644 index 0000000000..d66c41917b Binary files /dev/null and b/windows/deploy/images/ua-cg-17.png differ diff --git a/windows/deploy/images/ur-overview.PNG b/windows/deploy/images/ur-overview.PNG new file mode 100644 index 0000000000..f1818d7073 Binary files /dev/null and b/windows/deploy/images/ur-overview.PNG differ diff --git a/windows/deploy/images/ur-target-version.png b/windows/deploy/images/ur-target-version.png new file mode 100644 index 0000000000..43f0c9aa0c Binary files /dev/null and b/windows/deploy/images/ur-target-version.png differ diff --git a/windows/deploy/index.md b/windows/deploy/index.md index b2d4ab858c..6660898fad 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md 
@@ -17,13 +17,14 @@ Learn about deploying Windows 10 for IT professionals. |Topic |Description | |------|------------| |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | -|[Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) |With Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. 
| |[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. | |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. | |[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. 
| |[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. | |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. | +|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. | |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. | | [Provisioning packages for Windows 10](provisioning-packages.md) | Learn how to use the Windows Imaging and Configuration Designer (ICD) and provisioning packages to easily configure multiple devices. | diff --git a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md index a7d55fda76..9b25d3cea1 100644 --- a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md +++ b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md 
@@ -1,43 +1,4 @@ --- title: Manage Windows upgrades with Upgrade Analytics (Windows 10) -description: Provides an overview of the process of managing Windows upgrades with Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: manage-windows-upgrades-with-upgrade-readiness --- - -# Manage Windows upgrades with Upgrade Analytics - -Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points. - -With the release of Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. - -Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. - -With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. 
- -Use Upgrade Analytics to get: - -- A visual workflow that guides you from pilot to production -- Detailed computer and application inventory -- Powerful computer level search and drill-downs -- Guidance and insights into application and driver compatibility issues, with suggested fixes -- Data driven application rationalization tools -- Application usage information, allowing targeted validation; workflow to track validation progress and decisions -- Data export to commonly used software deployment tools, including System Center Configuration Manager - -The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. - -**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: - -- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) -- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) - -##**Related topics** - -[Upgrade Analytics architecture](upgrade-analytics-architecture.md)
    -[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
    -[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
    -[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
    -[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
    -[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
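Review bot: The redirect stub keeps `title: Manage Windows upgrades with Upgrade Analytics (Windows 10)` and sets `redirect_url: manage-windows-upgrades-with-upgrade-readiness` with no path and no `.md` extension, while every in-repo link in this patch uses the `.md` file name. Confirm the publishing build resolves that relative value to the new topic, and check that the other `upgrade-analytics-*.md` topics renamed in the TOC get the same redirect treatment, since this is the only conversion visible in this part of the patch.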
    diff --git a/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md new file mode 100644 index 0000000000..de269889bf --- /dev/null +++ b/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md 
@@ -0,0 +1,43 @@ +--- +title: Manage Windows upgrades with Upgrade Readiness (Windows 10) +description: Provides an overview of the process of managing Windows upgrades with Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Manage Windows upgrades with Upgrade Readiness + +Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points. + +With the release of Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the [Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) model. + +Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. + +With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. 
+ +Use Upgrade Readiness to get: + +- A visual workflow that guides you from pilot to production +- Detailed computer and application inventory +- Powerful computer level search and drill-downs +- Guidance and insights into application and driver compatibility issues, with suggested fixes +- Data driven application rationalization tools +- Application usage information, allowing targeted validation; workflow to track validation progress and decisions +- Data export to commonly used software deployment tools, including System Center Configuration Manager + +The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. + +**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: + +- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) +- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) +- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) + +##**Related topics** + +[Upgrade Readiness architecture](upgrade-readiness-architecture.md)
    +[Upgrade Readiness requirements](upgrade-readiness-requirements.md)
    +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
    +[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
    +[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
    +[Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)
    diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md new file mode 100644 index 0000000000..5775e4b633 --- /dev/null +++ b/windows/deploy/mbr-to-gpt.md @@ -0,0 +1,384 @@ +--- +title: MBR2GPT +description: How to use the MBR2GPT tool to convert MBR partitions to GPT +keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +localizationpriority: high +--- + +# MBR2GPT.EXE + +**Applies to** +- Windows 10 + +## Summary + +**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). + +You can use MBR2GPT to perform the following: + +- \[Within the Windows PE environment\]: Convert any attached MBR-formatted disk to GPT, including the system disk. +- \[From within the currently running OS\]: Convert any attached MBR-formatted disk to GPT, including the system disk. + +>MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. +>The tool is available in both the full OS environment and Windows PE. + +You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. + +The MBR2GPT tool can convert operating system disks that have earlier versions of Windows installed, such as Windows 10 versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion. + +>[!IMPORTANT] +>After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
    Make sure that your device supports UEFI before attempting to convert the disk. + +## Syntax + + +
    MBR2GPT /validate|convert [/disk:\] [/logs:\] [/map:\=\] [/allowFullOS] +
    + +### Options + +| Option | Description | +|----|-------------| +|/validate| Instructs MBR2GPT.exe to perform only the disk validation steps and report whether the disk is eligible for conversion. | +|/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. | +|/disk:\| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.| +|/logs:\| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.| +|/map:\=\| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexidecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. | +|/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.| + +## Examples + +### Validation example + +In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location, **%windir%**. + +``` +X:\>mbr2gpt /validate /disk:0 +MBR2GPT: Attempting to validate disk 0 +MBR2GPT: Retrieving layout of disk +MBR2GPT: Validating layout, disk sector size is: 512 +MBR2GPT: Validation completed successfully +``` + +### Conversion example + +In the following example: + +1. The current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0. +2. 
The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. +2. The MBR2GPT tool is used to convert disk 0. +3. The DISKPART tool displays that disk 0 is now using the GPT format. +4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3). +5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. + +>As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly. + +``` +DISKPART> list volume + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- + Volume 0 F CENA_X64FRE UDF DVD-ROM 4027 MB Healthy + Volume 1 C System Rese NTFS Partition 499 MB Healthy + Volume 2 D Windows NTFS Partition 58 GB Healthy + Volume 3 E Recovery NTFS Partition 612 MB Healthy Hidden + +DISKPART> select volume 2 + +Volume 2 is the selected volume. + +DISKPART> list partition + + Partition ### Type Size Offset + ------------- ---------------- ------- ------- + Partition 1 Primary 499 MB 1024 KB +* Partition 2 Primary 58 GB 500 MB + Partition 3 Recovery 612 MB 59 GB + +DISKPART> detail partition + +Partition 2 +Type : 07 +Hidden: No +Active: No +Offset in Bytes: 524288000 + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- +* Volume 2 D Windows NTFS Partition 58 GB Healthy + +DISKPART> exit + +Leaving DiskPart... 
+ +X:\>mbr2gpt /convert /disk:0 + +MBR2GPT will now attempt to convert disk 0. +If conversion is successful the disk can only be booted in GPT mode. +These changes cannot be undone! + +MBR2GPT: Attempting to convert disk 0 +MBR2GPT: Retrieving layout of disk +MBR2GPT: Validating layout, disk sector size is: 512 bytes +MBR2GPT: Trying to shrink the system partition +MBR2GPT: Trying to shrink the OS partition +MBR2GPT: Creating the EFI system partition +MBR2GPT: Installing the new boot files +MBR2GPT: Performing the layout conversion +MBR2GPT: Migrating default boot entry +MBR2GPT: Adding recovery boot entry +MBR2GPT: Fixing drive letter mapping +MBR2GPT: Conversion completed successfully +MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode! + +X:\>diskpart + +Microsoft DiskPart version 10.0.15048.0 + +Copyright (C) Microsoft Corporation. +On computer: MININT-K71F13N + +DISKPART> list disk + + Disk ### Status Size Free Dyn Gpt + -------- ------------- ------- ------- --- --- + Disk 0 Online 60 GB 0 B * + +DISKPART> select disk 0 + +Disk 0 is now the selected disk. + +DISKPART> list volume + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- + Volume 0 F CENA_X64FRE UDF DVD-ROM 4027 MB Healthy + Volume 1 D Windows NTFS Partition 58 GB Healthy + Volume 2 C System Rese NTFS Partition 499 MB Healthy Hidden + Volume 3 FAT32 Partition 100 MB Healthy Hidden + Volume 4 E Recovery NTFS Partition 612 MB Healthy Hidden + +DISKPART> select volume 1 + +Volume 1 is the selected volume. 
+ +DISKPART> list partition + + Partition ### Type Size Offset + ------------- ---------------- ------- ------- + Partition 1 Recovery 499 MB 1024 KB +* Partition 2 Primary 58 GB 500 MB + Partition 4 System 100 MB 59 GB + Partition 3 Recovery 612 MB 59 GB + +DISKPART> detail partition + +Partition 2 +Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 +Hidden : No +Required: No +Attrib : 0000000000000000 +Offset in Bytes: 524288000 + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- +* Volume 1 D Windows NTFS Partition 58 GB Healthy + +``` + +## Specifications + +### Disk conversion workflow + +The following steps illustrate high-level phases of the MBR-to-GPT conversion process: + +1. Disk validation is performed. +2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist. +3. UEFI boot files are installed to the ESP. +4. GPT metatdata and layout information is applied. +5. The boot configuration data (BCD) store is updated. +6. Drive letter assignments are restored. + +### Disk validation + +Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that: +- The disk is currently using MBR +- There is enough space not occupied by partitions to store the primary and secondary GPTs: + - 16KB + 2 sectors at the front of the disk + - 16KB + 1 sector at the end of the disk +- There are at most 3 primary partitions in the MBR partition table +- One of the partitions is set as active and is the system partition +- The BCD store on the system partition contains a default OS entry pointing to an OS partition +- The volume IDs can retrieved for each volume which has a drive letter assigned +- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option + +If any of these checks fails, the conversion will not proceed and an error will be returned. 
+ +### Creating an EFI system partition + +For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules: + +1. The existing MBR system partition is reused if it meets these requirements: + a. It is not also the OS or Windows Recovery Environment partition + b. It is at least 100MB (or 260MB for 4K sector size disks) in size + c. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition. + d. If the conversion is being performed from the full OS, the disk being converted is not the system disk. +2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32. + +If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified. + +### Partition type mapping and partition attributes + +Since GPT partitions use a different set of type IDs than MBR partitions, each partition on the converted disk must be assigned a new type ID. The partition type mapping follows these rules: + +1. The ESP is always set to partition type PARTITION_SYSTEM_GUID (c12a7328-f81f-11d2-ba4b-00a0c93ec93b). +2. If an MBR partition is of a type that matches one of the entries specified in the /map switch, the specified GPT partition type ID is used. +3. If the MBR partition is of type 0x27, the partition is converted to a GPT partition of type PARTITION_MSFT_RECOVERY_GUID (de94bba4-06d1-4d40-a16a-bfd50179d6ac). +4. All other MBR partitions recognized by Windows are converted to GPT partitions of type PARTITION_BASIC_DATA_GUID (ebd0a0a2-b9e5-4433-87c0-68b6b72699c7). 
+ +In addition to applying the correct partition types, partitions of type PARTITION_MSFT_RECOVERY_GUID also have the following GPT attributes set: +- GPT_ATTRIBUTE_PLATFORM_REQUIRED (0x0000000000000001) +- GPT_BASIC_DATA_ATTRIBUTE_NO_DRIVE_LETTER (0x8000000000000000) + +For more information about partition types, see: +- [GPT partition types](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) +- [MBR partition types](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) + + +### Persisting drive letter assignments + +The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. + +The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following: + +1. Check if the unique ID corresponds to any of the unique IDs for any of the volumes that are part of the converted disk. +2. If found, set the value to be the new unique ID, obtained after the layout conversion. +3. If the new unique ID cannot be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment. + +## Troubleshooting + +The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions do not translate properly, this is displayed and the conversion not performed. 
To view more detail about any errors that are encountered, see the associated [log files](#logs). + +### Logs + +Four log files are created by the MBR2GPT tool: + +- diagerr.xml +- diagwrn.xml +- setupact.log +- setuperr.log + +These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. Note: The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory. + +The default location for all these log files in Windows PE is **%windir%**. + +### Interactive help + +To view a list of options available when using the tool, type **mbr2gpt /?** + +The following text is displayed: + +``` + +C:\> mbr2gpt /? + +Converts a disk from MBR to GPT partitioning without modifying or deleting data on the disk. + +MBR2GPT.exe /validate|convert [/disk:] [/logs:] [/map:=] [/allowFullOS] + +Where: + + /validate + - Validates that the selected disk can be converted + without performing the actual conversion. + + /convert + - Validates that the selected disk can be converted + and performs the actual conversion. + + /disk: + - Specifies the disk number of the disk to be processed. + If not specified, the system disk is processed. + + /logs: + - Specifies the directory for logging. By default logs + are created in the %windir% directory. + + /map:= + - Specifies the GPT partition type to be used for a + given MBR partition type not recognized by Windows. + Multiple /map switches are allowed. + + /allowFullOS + - Allows the tool to be used from the full Windows + environment. By default, this tool can only be used + from the Windows Preinstallation Environment. 
+ +``` + +### Return codes + +MBR2GPT has the following associated return codes: + +| Return code | Description | +|----|-------------| +|0| Conversion completed successfully.| +|1| Conversion was canceled by the user.| +|2| Conversion failed due to an internal error.| +|3| Conversion failed due to an initialization error.| +|4| Conversion failed due to invalid command-line parameters. | +|5| Conversion failed due to error reading the geometry and layout of the selected disk.| +|6| Conversion failed because one or more volumes on the disk is encrypted.| +|7| Conversion failed because the geometry and layout of the selected disk do not meet requirements.| +|8| Conversion failed due to error while creating the EFI system partition.| +|9| Conversion failed due to error installing boot files.| +|10| Conversion failed due to error while applying GPT layout.| +|100| Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored.| + + +### Determining the partition type + +You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown: + + +``` +PS C:\> Get-Disk | ft -Auto + +Number Friendly Name Serial Number HealthStatus OperationalStatus Total Size Partition Style +------ ------------- ------------- ------------ ----------------- ---------- --------------- +0 MTFDDAK256MAM-1K1 13050928F47C Healthy Online 238.47 GB MBR +1 ST1000DM003-1ER162 Z4Y3GD8F Healthy Online 931.51 GB GPT +``` + +You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example: + +![Volumes](images/mbr2gpt-volume.PNG) + + +If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the diskpart tool. 
To determine the partition style, type **diskpart** and then type **list disk**. See the following example: + +``` +DISKPART> list disk + + Disk ### Status Size Free Dyn Gpt + -------- ------------- ------- ------- --- --- + Disk 0 Online 238 GB 0 B + Disk 1 Online 931 GB 0 B * +``` + +In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT. + + + + +## Related topics + +[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/) +
    [Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
    [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
    [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) diff --git a/windows/deploy/provisioning-packages.md b/windows/deploy/provisioning-packages.md index ebb4a064c3..557bf3e595 100644 --- a/windows/deploy/provisioning-packages.md +++ b/windows/deploy/provisioning-packages.md @@ -25,13 +25,13 @@ Provisioning packages are simple enough that with a short set of written instruc The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Imaging and Configuration Designer (ICD), a tool for configuring provisioning packages. -## New in Windows 10, Version 1607 +## New in Windows 10, version 1607 -Windows ICD for Windows 10, Version 1607, simplifies common provisioning scenarios. +Windows ICD for Windows 10, version 1607, simplifies common provisioning scenarios. ![Configuration Designer options](images/icd.png) -Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT administrators: +Windows ICD in Windows 10, version 1607, supports the following scenarios for IT administrators: * **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
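Review bot: In the new manage-windows-upgrades-with-upgrade-readiness.md, the closing heading is written `##**Related topics**`, with no space after the hashes and with bold inside the heading. A strict Markdown parser will not treat that as a heading, and mbr-to-gpt.md in this same patch uses `## Related topics`. Please change it to match. The `**Important**` paragraph about configuring computers to send data would also be better as the `> [!IMPORTANT]` callout used elsewhere in this patch, since it is the one statement on the page telling an administrator that system, application, and driver data is shared with Microsoft. Wording fix in the second paragraph: "from Windows 7, Windows 8.1 to Windows 10" should read "from Windows 7 and Windows 8.1 to Windows 10".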
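Review bot: In mbr-to-gpt.md the Summary says a disk with BitLocker-encrypted volumes can be converted "as long as protection has been suspended", but return code 6 in the Return codes table reads "Conversion failed because one or more volumes on the disk is encrypted" with no mention of suspension, so a reader who hits code 6 cannot tell which statement applies. Please reconcile the two, and say in the Summary how protection is expected to be suspended and which protectors have to be recreated afterwards, because the tool's own output states "These changes cannot be undone!". In the Conversion example list the number 2 is used twice ("2. The OS volume is selected" and "2. The MBR2GPT tool is used"), so six steps are numbered 1, 2, 2, 3, 4, 5. In the Syntax line, the Options table and the interactive help text the argument placeholders appear with nothing after the colon (`/disk:\`, `/logs:\`, `/map:\=\`); check that the escaped angle-bracket names survive the build. Typos to fix: "hexidecimal", "metatdata", "The volume IDs can retrieved", "or has a mapping" (should be "have"), and "Creator's Update" (the release name is Creators Update).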
@@ -49,7 +49,7 @@ Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT * Other MDMs (cert-based enrollment) > [!NOTE] -> Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). +> Windows ICD in Windows 10, version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). ## Benefits of provisioning packages diff --git a/windows/deploy/troubleshoot-upgrade-analytics.md b/windows/deploy/troubleshoot-upgrade-analytics.md index 03c096cc19..dc7f8428f2 100644 --- a/windows/deploy/troubleshoot-upgrade-analytics.md +++ b/windows/deploy/troubleshoot-upgrade-analytics.md 
@@ -1,38 +1,4 @@ --- title: Troubleshoot Upgrade Analytics (Windows 10) -description: Provides troubleshooting information for Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: troubleshoot-upgrade-readiness --- - -# Troubleshoot Upgrade Analytics - -If you’re having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. - -If you still don’t see data in Upgrade Analytics, follow these steps: - -1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included. - -2. Edit the script as described in [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md). - -3. Check that isVerboseLogging is set to $true. - -4. Run the script again. Log files will be saved to the directory specified in the script. - -5. Open a support case with Microsoft Support through your regular channel and provide this information. - -## Disable Upgrade Analytics - -If you want to stop using Upgrade Analytics and stop sending telemetry data to Microsoft, follow these steps: - -1. Unsubscribe from the Upgrade Analytics solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. - - ![Upgrade Analytics unsubscribe](images/upgrade-analytics-unsubscribe.png) - -2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. 
On computers running Windows 10, set the telemetry level to **Security**: - - **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* - **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. - -3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. -4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deploy/troubleshoot-upgrade-readiness.md b/windows/deploy/troubleshoot-upgrade-readiness.md new file mode 100644 index 0000000000..700408bdd6 --- /dev/null +++ b/windows/deploy/troubleshoot-upgrade-readiness.md 
@@ -0,0 +1,38 @@ +--- +title: Troubleshoot Upgrade Readiness (Windows 10) +description: Provides troubleshooting information for Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Troubleshoot Upgrade Readiness + +If you’re having issues seeing data in Upgrade Readiness after running the Upgrade Readiness Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. + +If you still don’t see data in Upgrade Readiness, follow these steps: + +1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included. + +2. Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md). + +3. Check that isVerboseLogging is set to $true. + +4. Run the script again. Log files will be saved to the directory specified in the script. + +5. Open a support case with Microsoft Support through your regular channel and provide this information. + +## Disable Upgrade Readiness + +If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps: + +1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. + + ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) + +2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. 
On computers running Windows 10, set the telemetry level to **Security**: + + **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* + **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. + +3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. +4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deploy/update-windows-10-images-with-provisioning-packages.md b/windows/deploy/update-windows-10-images-with-provisioning-packages.md index d292a6cba0..27b3025c15 100644 --- a/windows/deploy/update-windows-10-images-with-provisioning-packages.md +++ b/windows/deploy/update-windows-10-images-with-provisioning-packages.md @@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages --- # Update Windows 10 images with provisioning packages diff --git a/windows/deploy/upgrade-analytics-additional-insights.md b/windows/deploy/upgrade-analytics-additional-insights.md index fd99d97682..3a3dd06910 100644 --- a/windows/deploy/upgrade-analytics-additional-insights.md +++ b/windows/deploy/upgrade-analytics-additional-insights.md 
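Review bot: In the new troubleshoot-upgrade-readiness.md the product is renamed throughout, but the artifacts the steps tell the reader to handle keep the old name: the log `UA_dateTime_machineName.txt`, the download `UpgradeAnalytics.zip`, and the image `images/upgrade-analytics-unsubscribe.png`. Please confirm these are the names that actually ship and, if so, add a short remark so readers do not take them for leftovers of the rename. In the Disable section, step 2 calls CommercialDataOptIn a "registry property", step 3 calls IEDataOptIn a "registry key" that is set to a value, and step 4 calls CommercialId a "key", while the DataCollection path is written once in italics and once in quotes. Use one term and one path format for all three, since these are the settings that stop telemetry being sent.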
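Review bot: In update-windows-10-images-with-provisioning-packages.md the hunk only adds `redirect_url: https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages` to the front matter and leaves the topic body in place, while the other redirected topics in this patch (for example troubleshoot-upgrade-analytics.md) are reduced to a title plus a relative `redirect_url`. Either strip the body here as well or note in the commit why it stays, and pick one form, relative or absolute, for redirect targets.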
@@ -1,81 +1,4 @@ --- title: Upgrade Analytics - Additional insights -description: Explains additional features of Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-additional-insights --- - -# Upgrade Analytics - Additional insights - -This topic provides information on additional features that are available in Upgrade Analytics to provide insights into your environment. These include: - -- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer. -- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. - -## Site discovery - -The site discovery feature in Upgrade Analytics provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. - -> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. 
- -### Install prerequisite security update for Internet Explorer - -Ensure the following prerequisites are met before using site discovery: - -1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. -2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)). -3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) to allow Internet Explorer data collection before you run it. - - If necessary, you can also enable it by creating the following registry entry. - - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection - - Entry name: IEDataOptIn - - Data type: DWORD - - Values: - - > *IEOptInLevel = 0 Internet Explorer data collection is disabled* - > - > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* - > - > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* - > - > *IEOptInLevel = 3 Data collection is enabled for all sites* - - For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). - - ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png) - -### Review most active sites - -This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page. - -For each site, the fully qualified domain name will be listed. 
You can sort the data by domain name or by URL. - -![Most active sites](Images/upgrade-analytics-most-active-sites.png) - -Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. - -![Site domain detail](images/upgrade-analytics-site-domain-detail.png) - -### Review document modes in use - -This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes). - -![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png) - -### Run browser-related queries - -You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. - -![](images/upgrade-analytics-query-activex-name.png) - -## Office add-ins - -Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator. - -## Related topics - -[Upgrade Analytics release notes](upgrade-analytics-release-notes.md) diff --git a/windows/deploy/upgrade-analytics-architecture.md b/windows/deploy/upgrade-analytics-architecture.md index e7e639105a..d1ab6fecdb 100644 
--- a/windows/deploy/upgrade-analytics-architecture.md +++ b/windows/deploy/upgrade-analytics-architecture.md @@ -1,30 +1,4 @@ --- title: Upgrade Analytics architecture (Windows 10) -description: Describes Upgrade Analytics architecture. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-architecture --- - -# Upgrade Analytics architecture - -Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Analytics components work together in a typical installation. - - - -![Upgrade Analytics architecture](images/upgrade-analytics-architecture.png) - -After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Analytics, telemetry data is analyzed by the Upgrade Analytics Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Analytics solution (5) to plan and manage Windows upgrades. - -For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: - -[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
    -[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
    -[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
    - -##**Related topics** - -[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
    -[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
    -[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
    diff --git a/windows/deploy/upgrade-analytics-deploy-windows.md b/windows/deploy/upgrade-analytics-deploy-windows.md index 57b8c26f7f..76c41c573a 100644 --- a/windows/deploy/upgrade-analytics-deploy-windows.md +++ b/windows/deploy/upgrade-analytics-deploy-windows.md 
@@ -1,97 +1,4 @@ --- title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10) -description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-deploy-windows --- - -# Upgrade Analytics - Step 3: Deploy Windows - -All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. -The blades in the **Deploy** section are: - -- [Deploy eligible computers](#deploy-eligible-computers) -- [Deploy computers by group](#computer-groups) - ->Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment). - -## Deploy eligible computers - -In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways: -- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**. -- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**. -- **Won’t upgrade**: At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met. 
- - - -![Deploy eligible computers](images/ua-cg-16.png) - -Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers. - ->**Important**
    When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. - -## Computer groups - -Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/). - -Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Analytics Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS. - -### Getting started with Computer Groups - -When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example: - -![Computer groups](images/ua-cg-01.png) - -To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example: - -``` -Type=UAComputer Manufacturer=DELL -``` - -![Computer groups](images/ua-cg-02.png) - -When you are satisfied that the query is returning the intended results, add the following text to your search: - -``` -| measure count() by Computer -``` - -This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example: - -![Computer groups](images/ua-cg-03.png) - -Your new computer group will now be available in Upgrade Analytics. See the following example: - -![Computer groups](images/ua-cg-04.png) - -### Using Computer Groups - -When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. 
For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready. - -![Computer groups](images/ua-cg-05.png) - -Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**: - -![Computer groups](images/ua-cg-06.png) - -Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**: - -![Computer groups](images/ua-cg-07.png) - -A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed. - -### Upgrade assessment - -Upgrade assessment and guidance details are explained in the following table. - -| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance | -|-----------------------|------------------------------------------------|----------|-----------------|---------------| -| No known issues | No | None | Computers will upgrade seamlessly.
    | OK to use as-is in pilot. | -| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. | -| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update.

    If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading.

    | - -Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file. - ->**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-deployment-script.md b/windows/deploy/upgrade-analytics-deployment-script.md index a189c5290f..0db5694e53 100644 --- a/windows/deploy/upgrade-analytics-deployment-script.md +++ b/windows/deploy/upgrade-analytics-deployment-script.md 
@@ -1,101 +1,4 @@ --- title: Upgrade Analytics deployment script (Windows 10) -description: Deployment script for Upgrade Analytics. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Upgrade Analytics deployment script - -To automate the steps provided in [Get started with Upgrade Analytics](upgrade-analytics-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. - -For detailed information about using the upgrade analytics deployment script, also see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). - -> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). - -The Upgrade Analytics deployment script does the following: - -1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. -2. Verifies that user computers can send data to Microsoft. -3. Checks whether the computer has a pending restart.   -4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). -5. If enabled, turns on verbose mode for troubleshooting. -6. Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness. -7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. - -To run the Upgrade Analytics deployment script: - -1. 
Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. - -2. Edit the following parameters in RunConfig.bat: - - 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics - - 2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry. - - 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: - - > *logMode = 0 log to console only* -> - > *logMode = 1 log to file and console* -> - > *logMode = 2 log to file only* - -3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. 
Then use one of the following options to determine what Internet Explorer data can be collected: - - > *IEOptInLevel = 0 Internet Explorer data collection is disabled* - > - > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* - > - > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* - > - > *IEOptInLevel = 3 Data collection is enabled for all sites* - -4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. - -The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. - -
    - - -
    Exit codeMeaningSuggested fix -
    0Success -
    1Unexpected error occurred while executing the script The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. -
    2Error when logging to console. $logMode = 0. Try changing the $logMode value to **1** and try again. -
    3Error when logging to console and file. $logMode = 1.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
    4Error when logging to file. $logMode = 2.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
    5Error when logging to console and file. $logMode = unknown.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
    6The commercialID parameter is set to unknown. Modify the script.Set the value for CommercialID in runconfig.bat file. -
    8Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. Verify that the configuration script has access to this location. -
    9Error when writing CommercialId to registry.Verify that the configuration script has access to this location. -
    10Error when writing CommercialDataOptIn to registry.Verify that the configuration script has access to this location. -
    11Function -SetupCommercialId: Unexpected failure.Verify that the configuration script has access to this location. -
    12Can’t connect to Microsoft – Vortex. Check your network/proxy settings.Verify that the required endpoints are whitelisted correctly. -
    13Can’t connect to Microsoft – setting. Verify that the required endpoints are whitelisted correctly. -
    14Can’t connect to Microsoft – compatexchange. Verify that the required endpoints are whitelisted. -
    15Error connecting to Microsoft:Unexpected failure. -
    16Machine requires reboot. The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script. -
    17Function -CheckRebootRequired: Unexpected failure.The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script. -
    18Outdated compatibility update KB package. Update via Windows Update/WSUS. -The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1. -
    19The compatibility update failed with unexpected exception. The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. -
    20Error writing RequestAllAppraiserVersions registry key. This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location. -
    21Function – SetRequestAllAppraiserVersions: Unexpected failure.This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location. -
    22RunAppraiser failed with unexpected exception. Check %windir%\System32 directory for a file called CompatTelRunner.exe. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file. -
    23Error finding system variable %WINDIR%. Make sure that this environment variable is available on the machine. -
    24SetIEDataOptIn failed when writing IEDataOptIn to registry. Verify that the deployment script in running in a context that has access to the registry key. -
    25SetIEDataOptIn failed with unexpected exception. The files in the deployment script are likely corrupted. Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again. -
    26The operating system is Server or LTSB SKU. The script does not support Server or LTSB SKUs. -
    27The script is not running under System account.The Upgrade Analytics configuration script must be run as system. -
    28Could not create log file at the specified logPath. Make sure the deployment script has access to the location specified in the logPath parameter. -
    29 Connectivity check failed for proxy authentication. Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). -
    30Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). -
    31There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script. -**The Upgrade Analytics task is scheduled to run daily at 3 a.m.** -
    - -
    - +redirect_url: upgrade-readiness-deployment-script +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md index 58a6877174..575fd2ed00 100644 --- a/windows/deploy/upgrade-analytics-get-started.md +++ b/windows/deploy/upgrade-analytics-get-started.md @@ -1,130 +1,4 @@ --- title: Get started with Upgrade Analytics (Windows 10) -description: Explains how to get started with Upgrade Analytics. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Get started with Upgrade Analytics - -This topic explains how to obtain and configure Upgrade Analytics for your organization. - -You can use Upgrade Analytics to plan and manage your upgrade project end-to-end. Upgrade Analytics works by establishing communications between computers in your organization and Microsoft. Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft. - -Before you begin, consider reviewing the following helpful information:
    - - [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements): Provides detailed requirements to use Upgrade Analytics.
    - - [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Analytics. - ->If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Analytics with Configuration Manager: [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). - -When you are ready to begin using Upgrade Analytics, perform the following steps: - -1. Review [data collection and privacy](#data-collection-and-privacy) information. -2. [Add Upgrade Analytics to OMS](#add-upgrade-analytics-to-operations-management-suite). -3. [Enable data sharing](#enable-data-sharing). -4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment. -5. [Deploy Upgrade Analytics at scale](#deploy-upgrade-analytics-at-scale). - -## Data collection and privacy - -To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. 
For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics: - -- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) -- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) - -## Add Upgrade Analytics to Operations Management Suite - -Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). - -If you are already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Select the **Upgrade Analytics** tile in the gallery and then click **Add** on the solution's details page. Upgrade Analytics is now visible in your workspace. - -If you are not using OMS: - -1. Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process. -2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. -3. Create a new OMS workspace. 
Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. -4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. - - > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. - -1. To add the Upgrade Analytics solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Analytics** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Analytics. - -2. Click the **Upgrade Analytics** tile to configure the solution. The **Settings Dashboard** opens. - -### Generate your commercial ID key - -Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers. - -1. On the Settings Dashboard, navigate to the **Windows telemetry** panel. - - ![upgrade-analytics-telemetry](images/upgrade-analytics-telemetry.png) - -2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Analytics deployment script later so it can be deployed to user computers. - - >**Important**
    Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again. - -### Subscribe to Upgrade Analytics - -For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Analytics. - -1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Analytics solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic. - -1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Analytics tile now displays summary data. Click the tile to open Upgrade Analytics. - -## Enable data sharing - -To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. - -Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account. - -| **Endpoint** | **Function** | -|---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com/collect/v1`
    `https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | -| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | -| `https://go.microsoft.com/fwlink/?LinkID=544713`
    `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | - - -## Deploy the compatibility update and related KBs - -The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. - -| **Operating System** | **KBs** | -|----------------------|-----------------------------------------------------------------------------| -| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
    Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
    For more information about this KB, see

    [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
    Provides updated configuration and definitions for compatibility diagnostics performed on the system.
    For more information about this KB, see
    NOTE: KB2976978 must be installed before you can download and install KB3150513. | -| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
    Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
    For more information about this KB, see

    [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
    Provides updated configuration and definitions for compatibility diagnostics performed on the system.
    For more information about this KB, see
    NOTE: KB2952664 must be installed before you can download and install KB3150513. | - -IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time. - -If you are planning to enable IE Site Discovery, you will need to install a few additional KBs. - -| **Site discovery** | **KB** | -|----------------------|-----------------------------------------------------------------------------| -| [Review site discovery](upgrade-analytics-review-site-discovery.md) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)
    Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices.
    For more information about this KB, see

    Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. | - -### Deploy the Upgrade Analytics deployment script - -You can use the Upgrade Analytics deployment script to automate and verify your deployment. - -See [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed. - ->After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers. - -## Deploy Upgrade Analytics at scale - -When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization. - -### Automate data collection - -To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes. - -- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing. -- Schedule the Upgrade Analytics deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. 
Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you won’t see the changes in Upgrade Analytics until you run the script again. -- Schedule monthly user computer scans to view monthly active computer and usage information. - -### Distribute the deployment script at scale - -Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Analytics deployment script at scale. For more information, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). \ No newline at end of file +redirect_url: upgrade-readiness-get-started +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-identify-apps.md b/windows/deploy/upgrade-analytics-identify-apps.md index cfd5df068f..6ff2df414c 100644 --- a/windows/deploy/upgrade-analytics-identify-apps.md +++ b/windows/deploy/upgrade-analytics-identify-apps.md 
@@ -1,36 +1,5 @@ --- title: Upgrade Analytics - Identify important apps (Windows 10) -description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-identify-apps --- -# Upgrade Analytics - Step 1: Identify important apps - -This is the first step of the Upgrade Analytics workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade. - - - -![Prioritize applications](images/upgrade-analytics-prioritize.png) - -Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them. - -To change an application’s importance level: - -1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. -2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list. -3. Click **Save** when finished. - -Importance levels include: - -| Importance level | When to use it | Recommendation | -|--------------------|------------------|------------------| -| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]

    Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.
    | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.

    | -| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.

    | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. | -| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**.

    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | -| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**. | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | -| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**.
    | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.

    | -| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.
    | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.

    Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**.
    | - diff --git a/windows/deploy/upgrade-analytics-prepare-your-environment.md b/windows/deploy/upgrade-analytics-prepare-your-environment.md index 78eeaa078b..796b1298d8 100644 --- a/windows/deploy/upgrade-analytics-prepare-your-environment.md +++ b/windows/deploy/upgrade-analytics-prepare-your-environment.md @@ -1,4 +1,4 @@ --- title: Upgrade Analytics - Identify important apps (Windows 10) -redirect_url: upgrade-analytics-identify-apps +redirect_url: upgrade-readiness-identify-apps --- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-release-notes.md b/windows/deploy/upgrade-analytics-release-notes.md index dbf92527d7..694618d4d7 100644 --- a/windows/deploy/upgrade-analytics-release-notes.md +++ b/windows/deploy/upgrade-analytics-release-notes.md @@ -1,5 +1,4 @@ --- title: Upgrade Analytics release notes (Windows 10) -description: Provides tips and limitations about Upgrade Analytics. -redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements#important-information-about-this-release +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release --- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-requirements.md b/windows/deploy/upgrade-analytics-requirements.md index 3875acc090..1b99be1621 100644 --- a/windows/deploy/upgrade-analytics-requirements.md +++ b/windows/deploy/upgrade-analytics-requirements.md 
@@ -1,88 +1,5 @@ --- title: Upgrade Analytics requirements (Windows 10) -description: Provides requirements for Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-requirements --- -# Upgrade Analytics requirements - -This article introduces concepts and steps needed to get up and running with Upgrade Analytics. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Analytics. - -## Supported upgrade paths - -To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Analytics performs a full inventory of computers so that you can see which version of Windows is installed on each computer. - -The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Analytics cannot evaluate Windows XP or Windows Vista for upgrade eligibility. - - - -If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. - -Note: Upgrade Analytics is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Analytics insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. - -See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. 
- -## Operations Management Suite - -Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). - -If you’re already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Click the Upgrade Analytics tile in the gallery and then click Add on the solution’s details page. Upgrade Analytics is now visible in your workspace. - -If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Analytics solution to it. - -Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. - -## System Center Configuration Manager integration - -Upgrade Analytics can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). - -## Telemetry and data sharing - -After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics. 
- -See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. - -**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. - -`https://v10.vortex-win.data.microsoft.com/collect/v1`
    -`https://vortex-win.data.microsoft.com/health/keepalive`
    -`https://settings-win.data.microsoft.com/settings`
    -`https://vortex.data.microsoft.com/health/keepalive`
    -`https://settings.data.microsoft.com/qos`
    -`https://go.microsoft.com/fwlink/?LinkID=544713`
    -`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
    - ->**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release. - -**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later. - -**Subscribe your OMS workspace to Upgrade Analytics.** For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Analytics. - -**Enable telemetry and connect data sources.** To allow Upgrade Analytics to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Analytics and user computers. You’ll need to connect Upgrade Analytics to your data sources and enable telemetry to establish communication. - -**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. - ->**Important**
    The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. - -**Configure and deploy Upgrade Analytics deployment script.** Configure and deploy the Upgrade Analytics deployment script to user computers to finish setting up. - -## Important information about this release - -Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release. - -**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints. - -**Upgrade Analytics does not support on-premises Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. - -**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Analytics solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. 
We’re adding support for additional regions and we’ll update this information when new international regions are supported. - -### Tips - -- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items. - -- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby). - -## Get started - -See [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Analytics and getting started on your Windows upgrade project. diff --git a/windows/deploy/upgrade-analytics-resolve-issues.md b/windows/deploy/upgrade-analytics-resolve-issues.md index ec6f782f9e..9514c81869 100644 --- a/windows/deploy/upgrade-analytics-resolve-issues.md +++ b/windows/deploy/upgrade-analytics-resolve-issues.md 
@@ -1,145 +1,5 @@ --- title: Upgrade Analytics - Resolve application and driver issues (Windows 10) -description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-resolve-issues --- -# Upgrade Analytics - Step 2: Resolve app and driver issues - -This section of the Upgrade Analytics workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them. - -You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list. - -Upgrade decisions include: - -| Upgrade decision | When to use it | Guidance | -|--------------------|-------------------|-------------| -| Not reviewed | All drivers are marked as Not reviewed by default.

    Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
    | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

    | -| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

    Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

    | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | -| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

    In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
    | -| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

    Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
    | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

    | - -The blades in the **Resolve issues** section are: - -- Review applications with known issues -- Review applications with no known issues -- Review drivers with known issues - -As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/). - -## Review applications with known issues - -Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**. - - - -![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png) - -To change an application's upgrade decision: - -1. Select **Decide upgrade readiness** to view applications with issues. -2. In the table view, select an **UpgradeDecision** value. -3. Select **Decide upgrade readiness** to change the upgrade decision for each application. -4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. -5. Click **Save** when finished. - -IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. - -For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible. - -| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | -|--------------------|-----------------------------------|-----------|-----------------|------------| -| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system.
    | No action is required for the upgrade to proceed. | -| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade.

    The application may work on the new operating system.
    | Remove the application before upgrading, and reinstall and test on new operating system. | -| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.
    | -| Attention needed | No | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade. | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.
    | -| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading.

    A compatible version of the application may be available.
    | -| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.
    | Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.
    | -| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. | - -For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft. - -| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | -|--------------------|-----------------------------------|----------|-----------------|-------------| -| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available. | Update the application before upgrading. | -| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.
    | No action is required for the upgrade to proceed. Reinstall application on the new operating system. | -| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate. | Remove the application before upgrading and reinstall on the new operating system.
    | -| Fix available | Yes | Disk encryption blocking upgrade | The application’s encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.
    | - -### ISV support for applications with Ready for Windows - -[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). - -Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example: - -![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png) - -If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance. - -![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png) - -If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. - -![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png) - -The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses) - -| Ready for Windows Status | Query rollup level | What this means | Guidance | -|-------------------|--------------------------|-----------------|----------| -|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. 
| -| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | -| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | -| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A | -| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.| -|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.| -|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.| -| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A | - -## Review applications with no known issues - -Applications with no issues known to Microsoft are listed, grouped by upgrade decision. 
- -![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png) - -Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**. - -Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. - -To change an application's upgrade decision: - -1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. - -2. Select **User changes** to change the upgrade decision for each application. - -3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. - -4. Click **Save** when finished. - -## Review drivers with known issues - -Drivers that won’t migrate to the new operating system are listed, grouped by availability. - -![Review drivers with known issues](images/upgrade-analytics-drivers-known.png) - -Availability categories are explained in the table below. - -| Driver availability | Action required before or after upgrade? | What it means | Guidance | -|-----------------------|------------------------------------------|----------------|--------------| -| Available in-box | No, for awareness only | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.
    | No action is required for the upgrade to proceed. | -| Import from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.
    | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
    | -| Available in-box and from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system.

    Although a new driver is installed during upgrade, a newer version is available from Windows Update.
    | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
    | -| Check with vendor | Yes | The driver won’t migrate to the new operating system and we are unable to locate a compatible version.
    | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. | - -To change a driver’s upgrade decision: - -1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table. - -2. Select **User changes** to enable user input. - -3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list. - -4. Click **Save** when finished. - diff --git a/windows/deploy/upgrade-analytics-review-site-discovery.md b/windows/deploy/upgrade-analytics-review-site-discovery.md index e42b53e9d0..00fd0a4784 100644 --- a/windows/deploy/upgrade-analytics-review-site-discovery.md +++ b/windows/deploy/upgrade-analytics-review-site-discovery.md @@ -1,6 +1,6 @@ --- title: Review site discovery -redirect_url: upgrade-analytics-additional-insights +redirect_url: upgrade-readiness-additional-insights --- diff --git a/windows/deploy/upgrade-analytics-upgrade-overview.md b/windows/deploy/upgrade-analytics-upgrade-overview.md index 2de16be7f0..72c4b10125 100644 --- a/windows/deploy/upgrade-analytics-upgrade-overview.md +++ b/windows/deploy/upgrade-analytics-upgrade-overview.md 
@@ -1,47 +1,4 @@ --- title: Upgrade Analytics - Upgrade Overview (Windows 10) -description: Displays the total count of computers sharing data and upgraded. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-upgrade-overview --- - -# Upgrade Analytics - Upgrade overview - -The first blade in the Upgrade Analytics solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases. - -The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The following status changes are reflected on the upgrade overview blade: - -- Computers with incomplete data: - - Less than 4% = count is displayed in green. - - 4% - 10% = Count is displayed in amber. - - Greater than 10% = Count is displayed in red. -- Delay processing device inventory data = The "Last updated" banner is displayed in amber. -- Pending user changes = User changes count displays "Data refresh pending" in amber. -- No pending user changes = User changes count displays "Up to date" in green. - - - -If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours. 
- -Select **Total computers** for a list of computers and details about them, including: - -- Computer ID and computer name -- Computer manufacturer -- Computer model -- Operating system version and build -- Count of system requirement, application, and driver issues per computer -- Upgrade assessment based on analysis of computer telemetry data -- Upgrade decision status - -Select **Total applications** for a list of applications discovered on user computers and details about them, including: - -- Application vendor -- Application version -- Count of computers the application is installed on -- Count of computers that opened the application at least once in the past 30 days -- Percentage of computers in your total computer inventory that opened the application in the past 30 days -- Issues detected, if any -- Upgrade assessment based on analysis of application data -- Rollup level \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-additional-insights.md b/windows/deploy/upgrade-readiness-additional-insights.md new file mode 100644 index 0000000000..e7a8b7a54c --- /dev/null +++ b/windows/deploy/upgrade-readiness-additional-insights.md 
@@ -0,0 +1,81 @@ +--- +title: Upgrade Readiness - Additional insights +description: Explains additional features of Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Additional insights + +This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include: + +- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer. +- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. + +## Site discovery + +The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. + +> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. 
+ +### Install prerequisite security update for Internet Explorer + +Ensure the following prerequisites are met before using site discovery: + +1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. +2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)). +3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. + + If necessary, you can also enable it by creating the following registry entry. + + HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection + + Entry name: IEDataOptIn + + Data type: DWORD + + Values: + + > *IEOptInLevel = 0 Internet Explorer data collection is disabled* + > + > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* + > + > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* + > + > *IEOptInLevel = 3 Data collection is enabled for all sites* + + For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). + + ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png) + +### Review most active sites + +This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page. + +For each site, the fully qualified domain name will be listed. 
You can sort the data by domain name or by URL. + +![Most active sites](Images/upgrade-analytics-most-active-sites.png) + +Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. + +![Site domain detail](images/upgrade-analytics-site-domain-detail.png) + +### Review document modes in use + +This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes). + +![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png) + +### Run browser-related queries + +You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. + +![](images/upgrade-analytics-query-activex-name.png) + +## Office add-ins + +Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator. + +## Related topics + +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) diff --git a/windows/deploy/upgrade-readiness-architecture.md b/windows/deploy/upgrade-readiness-architecture.md new file mode 100644 index 0000000000..c4cafc8768 --- /dev/null 
+++ b/windows/deploy/upgrade-readiness-architecture.md @@ -0,0 +1,30 @@ +--- +title: Upgrade Readiness architecture (Windows 10) +description: Describes Upgrade Readiness architecture. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness architecture + +Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. + + + +![Upgrade Readiness architecture](images/upgrade-analytics-architecture.png) + +After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades. + +For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: + +[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
    +[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
    +[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
    + +##**Related topics** + +[Upgrade Readiness requirements](upgrade-readiness-requirements.md)
    +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
    +[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
    diff --git a/windows/deploy/upgrade-readiness-deploy-windows.md b/windows/deploy/upgrade-readiness-deploy-windows.md new file mode 100644 index 0000000000..bb54670f8d --- /dev/null +++ b/windows/deploy/upgrade-readiness-deploy-windows.md 
@@ -0,0 +1,97 @@ +--- +title: Upgrade Readiness - Get a list of computers that are upgrade-ready (Windows 10) +description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 3: Deploy Windows + +All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. +The blades in the **Deploy** section are: + +- [Deploy eligible computers](#deploy-eligible-computers) +- [Deploy computers by group](#computer-groups) + +>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment). + +## Deploy eligible computers + +In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways: +- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**. +- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**. +- **Won’t upgrade**: At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met. 
+ + + +![Deploy eligible computers](images/ua-cg-16.png) + +Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers. + +>**Important**
    When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. + +## Computer groups + +Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/). + +Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Readiness Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS. + +### Getting started with Computer Groups + +When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example: + +![Computer groups](images/ua-cg-01.png) + +To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example: + +``` +Type=UAComputer Manufacturer=DELL +``` + +![Computer groups](images/ua-cg-02.png) + +When you are satisfied that the query is returning the intended results, add the following text to your search: + +``` +| measure count() by Computer +``` + +This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example: + +![Computer groups](images/ua-cg-03.png) + +Your new computer group will now be available in Upgrade Readiness. See the following example: + +![Computer groups](images/ua-cg-04.png) + +### Using Computer Groups + +When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. 
For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready. + +![Computer groups](images/ua-cg-05.png) + +Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**: + +![Computer groups](images/ua-cg-06.png) + +Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**: + +![Computer groups](images/ua-cg-07.png) + +A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed. + +### Upgrade assessment + +Upgrade assessment and guidance details are explained in the following table. + +| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance | +|-----------------------|------------------------------------------------|----------|-----------------|---------------| +| No known issues | No | None | Computers will upgrade seamlessly.
    | OK to use as-is in pilot. | +| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. | +| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update.

    If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading.

    | + +Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file. + +>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-deployment-script.md b/windows/deploy/upgrade-readiness-deployment-script.md new file mode 100644 index 0000000000..e1decfb250 --- /dev/null +++ b/windows/deploy/upgrade-readiness-deployment-script.md 
@@ -0,0 +1,265 @@ +--- +title: Upgrade Readiness deployment script (Windows 10) +description: Deployment script for Upgrade Readiness. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Upgrade Readiness deployment script + +To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. + +>[!IMPORTANT] +>Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution. + +For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). + +> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, please download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). + +The Upgrade Readiness deployment script does the following: + +1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. +2. Verifies that user computers can send data to Microsoft. +3. Checks whether the computer has a pending restart.   +4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). +5. If enabled, turns on verbose mode for troubleshooting. +6. Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness. +7. 
If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. + +To run the Upgrade Readiness deployment script: + +1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. + +2. Edit the following parameters in RunConfig.bat: + + 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics + + 2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry. + + 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: + + > *logMode = 0 log to console only* +> + > *logMode = 1 log to file and console* +> + > *logMode = 2 log to file only* + +3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. 
Then use one of the following options to determine what Internet Explorer data can be collected: + + > *IEOptInLevel = 0 Internet Explorer data collection is disabled* + > + > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* + > + > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* + > + > *IEOptInLevel = 3 Data collection is enabled for all sites* + +4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. + +The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Exit codeMeaning +Suggested fix + +
    0Success +N/A + +
    1Unexpected error occurred while executing the script. + The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. + +
    2Error when logging to console. $logMode = 0.
    (console only) +
    Try changing the $logMode value to **1** and try again.
    $logMode value 1 logs to both console and file. + +
    3Error when logging to console and file. $logMode = 1. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
    4Error when logging to file. $logMode = 2. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
    5Error when logging to console and file. $logMode = unknown. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
    6The commercialID parameter is set to unknown.
    Modify the runConfig.bat file to set the CommercialID value. +
    The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace. +
    See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace. + +
    8Failure to create registry key path:
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    The Commercial Id property is set at the following registry key path:
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    Verify that the context under which the script in running has access to the registry key. + +
    9The script failed to write Commercial Id to registry. +
    Error creating or updating registry key: **CommercialId** at
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    Verify that the context under which the script in running has access to the registry key. + +
    10Error when writing **CommercialDataOptIn** to the registry at
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    Verify that the deployment script is running in a context that has access to the registry key. + +
    11Function **SetupCommercialId** failed with an unexpected exception. +The **SetupCommercialId** function updates the Commercial Id at the registry key path:
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**

    Verify that the configuration script has access to this location. + +
    12Can’t connect to Microsoft - Vortex. Check your network/proxy settings. +**Http Get** on the end points did not return a success exit code.
    +For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.
    +For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive. +
    If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + + +
    13Can’t connect to Microsoft - setting. +An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + + +
    14Can’t connect to Microsoft - compatexchange. +An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + +
    15Function CheckVortexConnectivity failed with an unexpected exception. +This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult. + +
    16The computer requires a reboot before running the script. +A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script. + +
    17Function **CheckRebootRequired** failed with an unexpected exception. +A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult. + +
    18Appraiser KBs not installed or **appraiser.dll** not found. +Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic. + +
    19Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception. +Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed. + +
    20An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at
    **HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**
    +
    The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. + +
    21Function **SetRequestAllAppraiserVersions** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    22**RunAppraiser** failed with unexpected exception. +Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file. + +
    23Error finding system variable **%WINDIR%**. +Verify that this environment variable is configured on the computer. + +
    24The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult. + +
    25The function **SetIEDataOptIn** failed with unexpected exception. +Check the logs for the exception message and HResult. + +
    26The operating system is Server or LTSB SKU. + The script does not support Server or LTSB SKUs. + +
    27The script is not running under **System** account. +The Upgrade Readiness configuration script must be run as **System**. + +
    28Could not create log file at the specified **logPath**. + Make sure the deployment script has access to the location specified in the **logPath** parameter. + +
    29Connectivity check failed for proxy authentication. +Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting. +
    The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7. +
    For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). +
    For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). + +
    30Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled. +The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7. +
    For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). +
    For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). + +
    31There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. +Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled to run daily at 3 a.m. + +
    32Appraiser version on the machine is outdated. +The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1. + +
    33**CompatTelRunner.exe** exited with an exit code +**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details. + +
    34Function **CheckProxySettings** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    35Function **CheckAuthProxy** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    36Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    37**Diagnose_internal.cmd** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    38Function **Get-SqmID** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    39For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path
    **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**
    +or
    **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
    +
    For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization). + +
    40Function **CheckTelemetryOptIn** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    41The script failed to impersonate the currently logged on user. +The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed. + +
    42Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    43Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
    + +
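Review bot: The remediation text for exit codes 29 and 30 does not say what value **DisableEnterpriseAuthProxy** must hold: the code 29 row says to "enable" the setting, then that it is "enabled by default for Windows 7", then that Windows 8.1 needs it set to **0** (not disabled), so a reader cannot tell whether "enabled" means 1 or 0. State the expected registry value for each OS explicitly and give the key path, as the rows for codes 20, 24 and 39 do. Typos in the same table: the code 22 row has `**%windir%\System32*8`, which leaves the bold unclosed and should read `**%windir%\System32**`; the code 24 row has "script in running" for "script is running"; and the rows for codes 19, 22 and 25 say "with unexpected exception" where the other rows say "with an unexpected exception".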
    + + + + + diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md new file mode 100644 index 0000000000..9f9abda9b2 --- /dev/null +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -0,0 +1,133 @@ +--- +title: Get started with Upgrade Readiness (Windows 10) +description: Explains how to get started with Upgrade Readiness. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Get started with Upgrade Readiness + +This topic explains how to obtain and configure Upgrade Readiness for your organization. + +You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft. + +Before you begin, consider reviewing the following helpful information:
    + - [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.
    + - [Upgrade Readiness blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. + +>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). + +When you are ready to begin using Upgrade Readiness, perform the following steps: + +1. Review [data collection and privacy](#data-collection-and-privacy) information. +2. [Add Upgrade Readiness to OMS](#add-upgrade-readiness-to-operations-management-suite). +3. [Enable data sharing](#enable-data-sharing). +4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment. +5. [Deploy Upgrade Readiness at scale](#deploy-upgrade-readiness-at-scale). + +## Data collection and privacy + +To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. 
For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics: + +- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) +- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) +- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) + +## Add Upgrade Readiness to Operations Management Suite + +Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). + +If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. + +If you are not using OMS: + +1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process. +2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. +3. Create a new OMS workspace. 
Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. +4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. + + > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. + +1. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness. + +2. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens. + +### Generate your commercial ID key + +Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers. + +1. On the Settings Dashboard, navigate to the **Windows telemetry** panel. + + ![upgrade-readiness-telemetry](images/upgrade-analytics-telemetry.png) + +2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers. + + >**Important**
    Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again. + +### Subscribe to Upgrade Readiness + +For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Readiness. + +1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Readiness solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic. + +1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Readiness tile now displays summary data. Click the tile to open Upgrade Readiness. + +## Enable data sharing + +To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. + +Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account. + +| **Endpoint** | **Function** | +|---------------------------------------------------------|-----------| +| `https://v10.vortex-win.data.microsoft.com/collect/v1`
    `https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | +| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | +| `https://go.microsoft.com/fwlink/?LinkID=544713`
    `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | + + +## Deploy the compatibility update and related KBs + +The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. + +| **Operating System** | **KBs** | +|----------------------|-----------------------------------------------------------------------------| +| Windows 10 | The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com)

    Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](upgrade-readiness-requirements.md) for more information. | +| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
    Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
    For more information about this KB, see

    [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
    Provides updated configuration and definitions for compatibility diagnostics performed on the system.
    For more information about this KB, see
    NOTE: KB2976978 must be installed before you can download and install KB3150513. | +| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
    Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
    For more information about this KB, see

    [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
    Provides updated configuration and definitions for compatibility diagnostics performed on the system.
    For more information about this KB, see
    NOTE: KB2952664 must be installed before you can download and install KB3150513. | + +IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time. + +If you are planning to enable IE Site Discovery, you will need to install a few additional KBs. + +| **Site discovery** | **KB** | +|----------------------|-----------------------------------------------------------------------------| +| [Review site discovery](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-additional-insights#site-discovery) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)
    Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices.
    For more information about this KB, see

    Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. | + +### Deploy the Upgrade Readiness deployment script + +You can use the Upgrade Readiness deployment script to automate and verify your deployment. + +See [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed. + +>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Readiness. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Readiness. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers. + +## Deploy Upgrade Readiness at scale + +When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization. + +### Automate data collection + +To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes. + +- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing. +- Schedule the Upgrade Readiness deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. 
+- Schedule monthly user computer scans to view monthly active computer and usage information. + +>When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas are created when the update package is installed. A full scan averages to about 2 MB, but the delta scans are very small. For Windows 10 devices, its already part of the OS. This is the **Windows Compat Appraiser** task. Deltas are invoked via the nightly scheduled task. It attempts to run around 3AM, but if system is off at that time, the task will run when the system is turned on. + +### Distribute the deployment script at scale + +Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-identify-apps.md b/windows/deploy/upgrade-readiness-identify-apps.md new file mode 100644 index 0000000000..33b5d248c5 --- /dev/null +++ b/windows/deploy/upgrade-readiness-identify-apps.md 
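Review bot: In the "Subscribe to Upgrade Readiness" section of upgrade-readiness-get-started.md, the statement that user computer data keeps being shared with Microsoft after you unsubscribe, "for as long as the opt-in keys are set on user computers and the proxy allows the traffic", is buried at the end of step 1 and does not say how to stop the sharing. Move it into its own note and name the opt-in keys to clear, or link to where they are documented. The numbered list under "If you are not using OMS" restarts at 1 after the blockquote that follows step 4, so the two remaining steps should be numbered 5 and 6. Smaller points: the endpoint table spells the keepalive host `https://Vortex-win.data.microsoft.com` while upgrade-readiness-requirements.md in this patch uses lowercase `vortex-win`; "most your computers" is missing "of"; "its already part of the OS" should be "it's"; and the file ends without a trailing newline.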
@@ -0,0 +1,36 @@ +--- +title: Upgrade Readiness - Identify important apps (Windows 10) +description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 1: Identify important apps + +This is the first step of the Upgrade Readiness workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade. + + + +![Prioritize applications](images/upgrade-analytics-prioritize.png) + +Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them. + +To change an application’s importance level: + +1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. +2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list. +3. Click **Save** when finished. + +Importance levels include: + +| Importance level | When to use it | Recommendation | +|--------------------|------------------|------------------| +| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]

    Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.
    | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.

    | +| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.

    | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. | +| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**.

    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | +| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**. | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | +| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**.
    | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.

    | +| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.
    | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.

    Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**.
    | + diff --git a/windows/deploy/upgrade-readiness-release-notes.md b/windows/deploy/upgrade-readiness-release-notes.md new file mode 100644 index 0000000000..e023406035 --- /dev/null +++ b/windows/deploy/upgrade-readiness-release-notes.md @@ -0,0 +1,5 @@ +--- +title: Upgrade Readiness release notes (Windows 10) +description: Provides tips and limitations about Upgrade Readiness. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-requirements.md b/windows/deploy/upgrade-readiness-requirements.md new file mode 100644 index 0000000000..5f706bab59 --- /dev/null +++ b/windows/deploy/upgrade-readiness-requirements.md 
@@ -0,0 +1,95 @@ +--- +title: Upgrade Readiness requirements (Windows 10) +description: Provides requirements for Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness requirements + +This article introduces concepts and steps needed to get up and running with Upgrade Readiness. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Readiness. + +## Supported upgrade paths + +### Windows 7 and Windows 8.1 + +To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer. + +The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility. + + + +If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. + +Note: Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. + +See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. 
+ +### Windows 10 + +Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates. +The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). + +Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#long-term-servicing-branch) to understand more about LTSB. + +## Operations Management Suite + +Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). + +If you’re already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solution’s details page. Upgrade Readiness is now visible in your workspace. + +If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Readiness solution to it. + +Important: You can use either a Microsoft Account or a Work or School account to create a workspace. 
If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. + +## System Center Configuration Manager integration + +Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). + +## Telemetry and data sharing + +After you’ve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness. + +See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. + +**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. + +`https://v10.vortex-win.data.microsoft.com/collect/v1`
    +`https://vortex-win.data.microsoft.com/health/keepalive`
    +`https://settings.data.microsoft.com/qos`
    +`https://go.microsoft.com/fwlink/?LinkID=544713`
    +`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`
    + +>**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release. + +**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later. + +**Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Readiness. + +**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication. + +**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. + +>**Important**
    The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. + +**Configure and deploy Upgrade Readiness deployment script.** Configure and deploy the Upgrade Readiness deployment script to user computers to finish setting up. + +## Important information about this release + +Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release. + +**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints. + +**Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. + +**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. 
We’re adding support for additional regions and we’ll update this information when new international regions are supported. + +### Tips + +- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items. + +- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby). + +## Get started + +See [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Readiness and getting started on your Windows upgrade project. diff --git a/windows/deploy/upgrade-readiness-resolve-issues.md b/windows/deploy/upgrade-readiness-resolve-issues.md new file mode 100644 index 0000000000..7436b86607 --- /dev/null +++ b/windows/deploy/upgrade-readiness-resolve-issues.md 
@@ -0,0 +1,152 @@ +--- +title: Upgrade Readiness - Resolve application and driver issues (Windows 10) +description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 2: Resolve app and driver issues + +This section of the Upgrade Readiness workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them. + +You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list. + +Upgrade decisions include: + +| Upgrade decision | When to use it | Guidance | +|--------------------|-------------------|-------------| +| Not reviewed | All drivers are marked as Not reviewed by default.

    Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
    | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

    | +| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

    Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

    | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
    | +| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

    In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
    | +| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

    Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
    | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

    | + +The blades in the **Resolve issues** section are: + +- Review applications with known issues +- Review applications with no known issues +- Review drivers with known issues + +As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/). + +## Review applications with known issues + +Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**. + + + +![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png) + +To change an application's upgrade decision: + +1. Select **Decide upgrade readiness** to view applications with issues. +2. In the table view, select an **UpgradeDecision** value. +3. Select **Decide upgrade readiness** to change the upgrade decision for each application. +4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. +5. Click **Save** when finished. + +IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. + +For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible. + +| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | +|--------------------|-----------------------------------|-----------|-----------------|------------| +| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system.
    | No action is required for the upgrade to proceed. | +| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade.

    The application may work on the new operating system.
    | Remove the application before upgrading, and reinstall and test on new operating system. | +| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.
    | +| Attention needed | No | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade. | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.
    | +| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading.

    A compatible version of the application may be available.
    | +| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.
    | Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.
    | +| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. | + +For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft. + +| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | +|--------------------|-----------------------------------|----------|-----------------|-------------| +| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available. | Update the application before upgrading. | +| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.
    | No action is required for the upgrade to proceed. Reinstall application on the new operating system. | +| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate. | Remove the application before upgrading and reinstall on the new operating system.
    | +| Fix available | Yes | Disk encryption blocking upgrade | The application’s encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.
    | + +### ISV support for applications with Ready for Windows + +[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). + +Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example: + +![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png) + +If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance. + +![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png) + +If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. + +![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png) + +>[!TIP] +>Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer. + +>To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing. Rolling up to the **Granular** level enables display of the **App** level. In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language. Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed. 
+ +>Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app. In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions. + +The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses) + +| Ready for Windows Status | Query rollup level | What this means | Guidance | +|-------------------|--------------------------|-----------------|----------| +|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. | +| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | +| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | +| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A | +| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.| +|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. 
| The ISV has declared support for a version of this application on Windows 10.| +|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.| +| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A | + +## Review applications with no known issues + +Applications with no issues known to Microsoft are listed, grouped by upgrade decision. + +![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png) + +Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**. + +Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. + +To change an application's upgrade decision: + +1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. + +2. Select **User changes** to change the upgrade decision for each application. + +3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. + +4. Click **Save** when finished. 
+ +## Review drivers with known issues + +Drivers that won’t migrate to the new operating system are listed, grouped by availability. + +![Review drivers with known issues](images/upgrade-analytics-drivers-known.png) + +Availability categories are explained in the table below. + +| Driver availability | Action required before or after upgrade? | What it means | Guidance | +|-----------------------|------------------------------------------|----------------|--------------| +| Available in-box | No, for awareness only | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.
    | No action is required for the upgrade to proceed. | +| Import from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.
    | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
    | +| Available in-box and from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system.

    Although a new driver is installed during upgrade, a newer version is available from Windows Update.
    | If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
    | +| Check with vendor | Yes | The driver won’t migrate to the new operating system and we are unable to locate a compatible version.
    | Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. | + +To change a driver’s upgrade decision: + +1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table. + +2. Select **User changes** to enable user input. + +3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list. + +4. Click **Save** when finished. + diff --git a/windows/deploy/upgrade-readiness-upgrade-overview.md b/windows/deploy/upgrade-readiness-upgrade-overview.md new file mode 100644 index 0000000000..29777cad6f --- /dev/null +++ b/windows/deploy/upgrade-readiness-upgrade-overview.md 
@@ -0,0 +1,62 @@ +--- +title: Upgrade Readiness - Upgrade Overview (Windows 10) +description: Displays the total count of computers sharing data and upgraded. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Upgrade overview + +The first blade in the Upgrade Readiness solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases. + +The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The upgrade overview blade also displays the current target OS version. For more information about the target OS version, see [target version](use-upgrade-readiness-to-manage-windows-upgrades.md). + +The following color-coded status changes are reflected on the upgrade overview blade: + +- The "Last updated" banner: + - No delay in processing device inventory data = "Last updated" banner is displayed in green. + - Delay processing device inventory data = "Last updated" banner is displayed in amber. +- Computers with incomplete data: + - Less than 4% = Count is displayed in black. + - 4% - 10% = Count is displayed in amber. + - Greater than 10% = Count is displayed in red. +- User changes: + - Pending user changes = User changes count displays "Data refresh pending" in amber. + - No pending user changes = User changes count displays "Up to date" in green. +- Target version: + - If the current value matches the recommended value, the version is displayed in green. + - If the current value is an older OS version than the recommended value, but not deprecated, the version is displayed in amber. + - If the current value is a deprecated OS version, the version is displayed in red. 
+ +In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version: + +![Upgrade overview](images/ur-overview.png) + + + +If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours. + +If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. + +Select **Total computers** for a list of computers and details about them, including: + +- Computer ID and computer name +- Computer manufacturer +- Computer model +- Operating system version and build +- Count of system requirement, application, and driver issues per computer +- Upgrade assessment based on analysis of computer telemetry data +- Upgrade decision status + +Select **Total applications** for a list of applications discovered on user computers and details about them, including: + +- Application vendor +- Application version +- Count of computers the application is installed on +- Count of computers that opened the application at least once in the past 30 days +- Percentage of computers in your total computer inventory that opened the application in the past 30 days +- Issues detected, if any +- Upgrade assessment based on analysis of application data +- Rollup level \ No newline at end of file diff --git a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md index 3b686e8dae..3d23267aa8 100644 
--- a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md +++ b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md 
@@ -1,52 +1,4 @@ --- title: Use Upgrade Analytics to manage Windows upgrades (Windows 10) -description: Describes how to use Upgrade Analytics to manage Windows upgrades. -ms.prod: w10 -author: greg-lindsay +redirect_url: use-upgrade-readiness-to-manage-windows-upgrades --- - -# Use Upgrade Analytics to manage Windows upgrades - -You can use Upgrade Analytics to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Analytics enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. - -- Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. -- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. - -When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. - -![Workflow](images/ua-cg-15.png) - -Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. - ->**Important**: You can use the [Target OS](#target-os) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Analytics workflow. By default, the Target OS is configured to the released version of Windows 10 for the Current Branch for Business (CBB). - -The following information and workflow is provided: - -- [Upgrade overview](upgrade-analytics-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. 
-- [Step 1: Identify important apps](upgrade-analytics-identify-apps.md): Assign importance levels to prioritize your applications. -- [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md): Identify and resolve problems with applications. -- [Step 3: Deploy](upgrade-analytics-deploy-windows.md): Start the upgrade process. - -Also see the following topic for information about additional items that can be affected by the upgrade process: - -- [Additional insights](upgrade-analytics-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. - -## Target OS - -The target OS setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. - -As mentioned previously, the default target OS in Upgrade Analytics is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target OS setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. - -The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target OS. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Analytics is based on the target OS version. - -You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610. - -To change the target OS setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Analytics solution: - -![Target OS](images/ua-cg-08.png) - ->You must be signed in to Upgrade Analytics as an administrator to view settings. 
- -On the **Upgrade Analytics Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target OS setting are reflected in evaluations when a new snapshot is uploaded to your workspace. - -![Target OS](images/ua-cg-09.png) diff --git a/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md new file mode 100644 index 0000000000..cd081245c1 --- /dev/null +++ b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md 
@@ -0,0 +1,54 @@ +--- +title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) +description: Describes how to use Upgrade Readiness to manage Windows upgrades. +ms.prod: w10 +author: greg-lindsay +--- + +# Use Upgrade Readiness to manage Windows upgrades + +You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. + +- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. +- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. + +When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. + +![Workflow](images/ua-cg-15.png) + +Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. + +>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB). + +The following information and workflow is provided: + +- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. 
+- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications. +- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications. +- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process. + +Also see the following topic for information about additional items that can be affected by the upgrade process: + +- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. + +## Target version + +The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example: + +![Target version](images/ur-target-version.png) + +As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. + +The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version. + +You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610. 
+ +To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: + +![Target version](images/ua-cg-08.png) + +>You must be signed in to Upgrade Readiness as an administrator to view settings. + +On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace. + +![Target version](images/ua-cg-09.png) diff --git a/windows/deploy/usmt-requirements.md b/windows/deploy/usmt-requirements.md index c8632b0b4a..525f3c872b 100644 --- a/windows/deploy/usmt-requirements.md +++ b/windows/deploy/usmt-requirements.md @@ -15,11 +15,11 @@ author: greg-lindsay - [Supported Operating Systems](#bkmk-1) - -- [Software Requirements](#bkmk-2) - +- [Windows PE](#windows-pe) +- [Credentials](#credentials) +- [Config.xml](#config-xml) +- [LoadState](#loadstate) - [Hard Disk Requirements](#bkmk-3) - - [User Prerequisites](#bkmk-userprereqs) ## Supported Operating Systems @@ -44,16 +44,6 @@ The following table lists the operating systems supported in USMT. -

    32-bit versions of Windows Vista

    -

    X

    -

    - - -

    64-bit versions of Windows Vista

    -

    X

    -

    - -

    32-bit versions of Windows 7

    X

    X

    @@ -95,45 +85,42 @@ USMT does not support any of the Windows Server® operating systems, Windows 20   -## Software Requirements - +## Windows PE - **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](http://msdn.microsoft.com/library/windows/hardware/dn938350.aspx). -- **Must run in Administrator Mode** When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. This is because User Access Control (UAC) is enabled by default. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. +## Credentials - To run in Administrator mode: +- **Run as administrator** + When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. - 1. Click **Start**. +To open an elevated command prompt: - 2. Click **All Programs**. +1. Click **Start**. +2. Enter **cmd** in the search function. +3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed. +3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**. +4. If the current user is not already an administrator, you will be prompted to enter administrator credentials. - 3. Click **Accessories**. +**Important**
    +You must run USMT using an account with full administrative permissions, including the following privileges: - 4. Right-click **Command Prompt**. +- SeBackupPrivilege (Back up files and directories) +- SeDebugPrivilege (Debug programs) +- SeRestorePrivilege (Restore files and directories) +- SeSecurityPrivilege (Manage auditing and security log) +- SeTakeOwnership Privilege (Take ownership of files or other objects) - 5. Click **Run as administrator**. - 6. At the command prompt, type the `ScanState` or `LoadState` command. +## Config.xml - **Important**   - You must run USMT in Administrator mode from an account with full administrative permissions, including the following privileges: +- **Specify the /c option and <ErrorControl> settings in the Config.xml file.**
    + USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). - - SeBackupPrivilege (Back up files and directories) +## LoadState - - SeDebugPrivilege (Debug programs) - - - SeRestorePrivilege (Restore files and directories) - - - SeSecurityPrivilege (Manage auditing and security log) - - - SeTakeOwnership Privilege (Take ownership of files or other objects) - -   - -- **Specify the /c option and <ErrorControl> settings in the Config.xml file.** USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). - -- **Install applications before running the LoadState command.** Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved. +- **Install applications before running the LoadState command.**
    + Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved. ## Hard-Disk Requirements @@ -146,21 +133,16 @@ Ensure that there is enough available space in the migration-store location and This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following: - The navigation and hierarchy of the Windows registry. - - The files and file types that applications use. - - The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors. - - XML-authoring basics. ## Related topics -[Plan Your Migration](usmt-plan-your-migration.md) - -[Estimate Migration Store Size](usmt-estimate-migration-store-size.md) - -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) +[Plan Your Migration](usmt-plan-your-migration.md)
    +[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
    +[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
      diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 057d16d9f6..54eb632a5f 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -306,7 +306,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ``` [Settings] Priority=Default - + [Default] _SMSTSORGNAME=Contoso OSInstall=YES @@ -362,7 +362,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env ``` [Settings] Priority=Default - + [Default] DeployRoot=\\SRV1\MDTProd$ UserDomain=CONTOSO @@ -417,12 +417,16 @@ This procedure will demonstrate how to deploy the reference image to the PoC env Disable-NetAdapter "Ethernet 2" -Confirm:$false ``` + >Wait until the disable-netadapter command completes before proceeding. + + 2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt: ``` New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20 ``` + >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. 3. Start the new VM and connect to it: 
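Review bot: In the hunk at @@ -417,12 +417,16 @@, the added note ">Wait until the disable-netadapter command completes before proceeding." names the cmdlet in lowercase plain text and does not say which adapter is meant. The command it follows is `Disable-NetAdapter "Ethernet 2" -Confirm:$false`, and the matching note added further down in this file says "ensure that you disable the **external** network adapter". Suggest writing the cmdlet as `Disable-NetAdapter` and using the same "external network adapter" wording in both notes, so a reader whose adapter names differ does not disable the internal PoC interface.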
@@ -452,24 +456,24 @@ This completes the demonstration of how to deploy a reference image to the netwo This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). -If the PC1 VM is not already running, then start and connect to it: - +1. If the PC1 VM is not already running, then start and connect to it: + ``` Start-VM PC1 vmconnect localhost PC1 ``` -1. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Checkpoint-VM -Name PC1 -SnapshotName BeginState ``` -2. Sign on to PC1 using the CONTOSO\Administrator account. +3. Sign on to PC1 using the CONTOSO\Administrator account. >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. -3. Open an elevated command prompt on PC1 and type the following: +4. Open an elevated command prompt on PC1 and type the following: ``` cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs 
@@ -477,13 +481,13 @@ If the PC1 VM is not already running, then start and connect to it: **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer. -4. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. +5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. -5. Choose **Do not back up the existing computer** and click **Next**. +6. Choose **Do not back up the existing computer** and click **Next**. **Note**: The USMT will still back up the computer. -6. Lite Touch Installation will perform the following actions: +7. Lite Touch Installation will perform the following actions: - Back up user settings and data using USMT. - Install the Windows 10 Enterprise X64 operating system. - Update the operating system via Windows Update. 
@@ -491,15 +495,15 @@ If the PC1 VM is not already running, then start and connect to it: You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings. -7. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share). +8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share). -8. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Checkpoint-VM -Name PC1 -SnapshotName RefreshState ``` -9. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false 
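Review bot: Renumbered step 10 still reads "Restore the PC1 VM to it's previous state"; the possessive is "its". The line is already being changed for the renumbering, so the typo can be fixed in the same edit.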
@@ -507,7 +511,7 @@ If the PC1 VM is not already running, then start and connect to it: vmconnect localhost PC1 ``` -10. Sign in to PC1 using the contoso\administrator account. +11. Sign in to PC1 using the contoso\administrator account. ## Replace a computer with Windows 10 @@ -557,10 +561,10 @@ At a high level, the computer replace process consists of:
    ``` 3. Complete the deployment wizard using the following: - **Task Sequence**: Backup Only Task Sequence - - **User Data**: Specify a location: **\\SRV1\MigData$\PC1** + - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1** - **Computer Backup**: Do not back up the existing computer. 4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. -5. Verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. +5. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. 6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: ``` @@ -585,18 +589,24 @@ At a high level, the computer replace process consists of:
    ``` Disable-NetAdapter "Ethernet 2" -Confirm:$false ``` + + >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding. + + 3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Start-VM PC3 vmconnect localhost PC3 ``` + 4. When prompted, press ENTER for network boot. -6. On PC3, ue the following settings for the Windows Deployment Wizard: +6. On PC3, use the following settings for the Windows Deployment Wizard: - **Task Sequence**: Windows 10 Enterprise x64 Custom Image - **Move Data and Settings**: Do not move user data and settings - - **User Data (Restore)**: Specify a location: **\\SRV1\MigData$\PC1** + - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1** + 5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: ``` @@ -606,7 +616,9 @@ At a high level, the computer replace process consists of:
    8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. -9. Verify that settings have been migrated from PC1, and then shut down PC3 in preparation for the next procedure. +9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. + +10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure. ## Troubleshooting logs, events, and utilities diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md index d9278a15c5..ff0b497b45 100644 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ b/windows/deploy/windows-10-poc-sc-config-mgr.md @@ -163,8 +163,8 @@ Topics and procedures in this guide are summarized in the following table. An es adsiedit.msc ``` -6. Right-click **ADSI Edit**, click **Connect to**, select **Default** under **Computer** and then click **OK**. -7. Expand **Default naming context**>**DC=contoso,DC=com**, right-click **CN=System**, point to **New**, and then click **Object**. +6. Right-click **ADSI Edit**, click **Connect to**, select **Default (Domain or server that you logged in to)** under **Computer** and then click **OK**. +7. Expand **Default naming context**>**DC=contoso,DC=com**, and then in the console tree right-click **CN=System**, point to **New**, and then click **Object**. 8. Click **container** and then click **Next**. 9. Next to **Value**, type **System Management**, click **Next**, and then click **Finish**. 10. Right-click **CN=system Management** and then click **Properties**. 
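Review bot: In the hunk at @@ -163,8 +163,8 @@, step 9 tells the reader to type **System Management**, but the unchanged step 10 then refers to **CN=system Management** with a lowercase "s". Steps 6 and 7 are being tightened to match the ADSI Edit UI text, so step 10 should be brought in line as **CN=System Management** in the same change.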
@@ -194,7 +194,7 @@ Topics and procedures in this guide are summarized in the following table. An es - **Settings Summary**: Review settings and click **Next**. - **Prerequisite Check**: No failures should be listed. Ignore any warnings and click **Begin Install**. - >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored. + >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment. Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete. @@ -207,7 +207,7 @@ Topics and procedures in this guide are summarized in the following table. An es ## Download MDOP and install DaRT -1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/en-us/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso) to the C:\VHD directory on the Hyper-V host. +1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/en-us/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. 2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1: 
@@ -292,19 +292,19 @@ This section contains several procedures to support Zero Touch installation with 2. In the System Center Configuration Manager console, in the **Administration** workspace, click **Distribution Points**. 3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**. 4. On the PXE tab, select the following settings: - - Enable PXE support for clients. Click **Yes** in the popup that appears. - - Allow this distribution point to respond to incoming PXE requests - - Enable unknown computer support. Click **OK** in the popup that appears. - - Require a password when computers use PXE - - Password and Confirm password: pass@word1 - - Respond to PXE requests on specific network interfaces: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. + - **Enable PXE support for clients**. Click **Yes** in the popup that appears. + - **Allow this distribution point to respond to incoming PXE requests** + - **Enable unknown computer support**. Click **OK** in the popup that appears. + - **Require a password when computers use PXE** + - **Password** and **Confirm password**: pass@word1 + - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure. See the following example: Config Mgr PXE 5. Click **OK**. -6. Type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present: +6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present: ``` cmd /c dir /b C:\RemoteInstall\SMSBoot\x64 
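Review bot: The new step 6 wording, "Wait for a minute, then type the following command", gives the reader no condition to wait on. Suggest saying that the boot files can take a short time to appear and that the `cmd /c dir /b C:\RemoteInstall\SMSBoot\x64` check should be repeated until the listed files are present. Separately, the setting names in step 4 are now bold but the value `pass@word1` is left plain, while the task sequence hunk later in this file bolds its values (**pass@word1**); pick one convention. Since the same literal password appears for PXE, the domain join account and the local administrator, a "in this test environment" qualifier like the one added to the prerequisite warnings note would fit here too.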
@@ -340,7 +340,7 @@ This section contains several procedures to support Zero Touch installation with >You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image. -## Create a boot image for Configuration Manager +### Create a boot image for Configuration Manager 1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**. 2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**. 
@@ -357,13 +357,15 @@ This section contains several procedures to support Zero Touch installation with ``` Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe' ``` - >In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example: + + In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example: - ``` - STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=2476 TID=4636 GMTDATE=Wed Sep 14 22:11:09.363 2016 ISTR0="Configuration Manager Client Upgrade Package" ISTR1="PS100003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS100003" SMS_DISTRIBUTION_MANAGER 9/14/2016 3:11:09 PM 4636 (0x121C) - ``` -11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Doublt-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab. -12. In the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab. + ``` + STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=2476 TID=4636 GMTDATE=Wed Sep 14 22:11:09.363 2016 ISTR0="Configuration Manager Client Upgrade Package" ISTR1="PS100003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS100003" SMS_DISTRIBUTION_MANAGER 9/14/2016 3:11:09 PM 4636 (0x121C) + ``` + +11. 
You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab. +12. Next, in the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab. 13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**. 14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example: @@ -380,7 +382,7 @@ This section contains several procedures to support Zero Touch installation with >The first two images (*.wim files) are default boot images. The third is the new boot image with DaRT. -## Create a Windows 10 reference image +### Create a Windows 10 reference image If you have already completed steps in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then you have already created a Windows 10 reference image. In this case, skip to the next procedure in this guide: [Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image). If you have not yet created a Windows 10 reference image, complete the steps in this section. 
@@ -534,7 +536,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**. -## Add a Windows 10 operating system image +### Add a Windows 10 operating system image 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: 
@@ -553,11 +555,11 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 6. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**. -7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar, click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes. +7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar (be sure there is no space at the end of the location or you will get an error), click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes. >If content distribution is not successful, verify that sufficient disk space is available. -## Create a task sequence +### Create a task sequence >Complete this section slowly. There are a large number of similar settings from which to choose. @@ -567,37 +569,37 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**. -4. On the Details page, enter the following settings:
    - - Join a domain: contoso.com
    - - Account: click **Set**
    - - User name: contoso\CM_JD
    - - Password: pass@word1
    - - Confirm password: pass@word1
    - - Click **OK**
    - - Windows Settings
    - - User name: Contoso
    - - Organization name: Contoso
    - - Product key: \
    - - Administrator Account: Enable the account and specify the local administrator password
    - - Password: pass@word1
    - - Confirm password: pass@word1
    - - Click Next
    +4. On the Details page, enter the following settings: + - Join a domain: **contoso.com** + - Account: click **Set** + - User name: **contoso\CM_JD** + - Password: **pass@word1** + - Confirm password: **pass@word1** + - Click **OK** + - Windows Settings + - User name: **Contoso** + - Organization name: **Contoso** + - Product key: \ + - Administrator Account: **Enable the account and specify the local administrator password** + - Password: **pass@word1** + - Confirm password: **pass@word1** + - Click **Next** 5. On the Capture Settings page, accept the default settings and click **Next**. -6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package and then click **Next**. +6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**. -7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT 2013**, and then click **Next**. +7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT** (MDT is repeated here, not a typo), and then click **Next**. -8. On the MDT Details page, next to **Name:** type **MDT 2013** and then click **Next**. +8. On the MDT Details page, next to **Name:** type **MDT** and then click **Next**. -9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, and then click **Next**. +9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, click **OK**, and then click **Next**. 10. On the Deployment Method page, accept the default settings for **Zero Touch Installation** and click **Next**. -11. 
On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package** and then click **Next**. +11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package**, click **OK**, and then click **Next**. -12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 8 10.0.14393.0** package, and then click **Next**. +12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0** package, click **OK**, and then click **Next**. 13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings**, and then click **Next**. @@ -640,7 +642,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Click **OK**
    . -## Finalize the operating system configuration +### Finalize the operating system configuration >If you completed all procedures in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then the MDT deployment share is already present on SRV1. In this case, skip the first four steps below and begin with step 5 to edit CustomSettings.ini. @@ -670,7 +672,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi [Settings] Priority=Default Properties=OSDMigrateConfigFiles,OSDMigrateMode - + [Default] DoCapture=NO ComputerBackupLocation=NONE @@ -681,6 +683,14 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi EventService=http://SRV1:9800 ApplyGPOPack=NO ``` + + >As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts: + + ``` + OSDMigrateAdditionalCaptureOptions=/all + ``` + + 7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears. 8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**. @@ -705,6 +715,8 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi ## Deploy Windows 10 using PXE and Configuration Manager +In this first deployment scenario, we will deploy Windows 10 using PXE. This scenario creates a new computer that does not have any migrated users or settings. + 1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: ``` 
@@ -718,7 +730,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 3. In the Task Sequence Wizard, provide the password: **pass@word1**, and then click **Next**. -4. Before you click Next in the Task Sequence Wizard, press the **F8** key. A command prompt will open. +4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open. 5. At the command prompt, type **explorer.exe** and review the Windows PE file structure. @@ -745,6 +757,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi - Join the computer to the contoso.com domain - Install any applications that were specified in the reference image + 12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account. 13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click Turn Windows features on or off, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image. @@ -927,7 +940,7 @@ vmconnect localhost PC1 - Task sequence comments: **USMT backup only** 4. Click **Next**, and on the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package. Click **OK** and then click **Next** to continue. -5. On the MDT Package page, browse and select the **MDT 2013** package. Click **OK** and then click **Next** to continue. +5. On the MDT Package page, browse and select the **MDT** package. Click **OK** and then click **Next** to continue. 6. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package. Click **OK** and then click **Next** to continue. 7. On the Settings Package page, browse and select the **Windows 10 x64 Settings** package. Click **OK** and then click **Next** to continue. 8. On the Summary page, review the details and then click **Next**. 
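Review bot: In the hunk at @@ -927,7 +940,7 @@, step 5 is updated to the renamed **MDT** package, but step 6 directly below still names the USMT package as "Microsoft Corporation User State Migration Tool for Windows", without the version suffix. The task sequence section edited earlier in this patch calls it "Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0". Suggest using the same package name in both places so the reader can match it in the browse dialog.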
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 3a3d3bcda1..92fb8a44a9 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -722,6 +722,7 @@ #### [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md) ### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) +#### [Preview features](preview-windows-defender-advanced-threat-protection.md) #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) #### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) 
@@ -735,21 +736,60 @@ ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) -##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +##### [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) ##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) ##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +###### [Alert process tree](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-process-tree) +###### [Incident graph](investigate-alerts-windows-defender-advanced-threat-protection.md#incident-graph) +###### [Alert timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) ##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) ##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) ##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) +##### [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +###### [Search for specific alerts](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts) +###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +###### [Export machine timeline 
events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) -#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) -#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) +##### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) +###### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +####### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +####### [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) +####### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package) +####### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +###### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) +####### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +####### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +####### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +####### [Check activity details in Action 
center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +####### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +######## [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) #### [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -#### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence 
issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) +##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) +##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) +##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) +#### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) #### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md b/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md new file mode 100644 index 0000000000..d7678c4832 --- /dev/null +++ b/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md 
@@ -0,0 +1,30 @@ +--- +title: Turn on advanced features in Windows Defender Advanced Threat Protection +description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection. +keywords: advanced features, preferences setup, block file +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- +# Turn on advanced features in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +1. In the navigation pane, select **Preferences setup** > **Advanced features**. +2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**. +3. Click **Save preferences**. + +## Related topics +- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) +- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) +- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md index 3a4746998e..f9805f6b95 100644 --- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md 
@@ -21,55 +21,99 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in queues according to their current status. +The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In any of the queues, you'll see details such as the severity of alerts and the number of machines where the alerts were seen. + +Alerts are organized in queues by their workflow status or assignment: + +- **New** +- **In progress** +- **Resolved** +- **Assigned to me** To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane. > [!NOTE] > By default, the queues are sorted from newest to oldest. -The following table and screenshot demonstrate the main areas of the **Alerts queue**. +## Sort and filter the alerts +You can sort and filter the alerts by using the available filters or clicking columns that allows you to sort the view in ascending or descending order. -![Screenshot of the Dashboard showing the New Alerts list and navigation bar](images/alertsq2.png) +![Alerts queue with numbers](images/alerts-queue-numbered.png) Highlighted area|Area name|Description :---|:---|:--- -(1)|**Alerts queue**| Select to show **New**, **In Progress**, or **Resolved alerts** -(2)|Alerts|Each alert shows:
    • The severity of an alert as a colored bar
    • A short description of the alert, including the name of the threat actor (in cases where the attribution is possible)
    • The last occurrence of the alert on any machine
    • The number of days the alert has been in the queue
    • The severity of the alert
    • The general category or type of alert, or the alert's kill-chain stage
    • The affected machine (if there are multiple machines, the number of affected machines will be shown)
    • A **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) that allows you to update the alert's status and add comments
    Clicking an alert expands to display more information about the threat and brings you to the date in the timeline when the alert was detected. -(3)|Alerts sorting and filters | You can sort alerts by:
    • **Newest** (when the threat was last seen on your network)
    • **Time in queue** (how long the threat has been in your queue)
    • **Severity**
    You can also filter the displayed alerts by:
    • Severity
    • Time period
    See [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) for more details. +1 | Alert filters | Filter the list of alerts by severity, detection source, time period, or change the view from flat to grouped. +2 | Alert selected | Select an alert to bring up the **Alert management** to manage and see details about the alert. +3 | Alert management pane | View and manage alerts without leaving the alerts queue view. -##Sort and filter the Alerts queue -You can filter and sort (or "pivot") the Alerts queue to identify specific alerts based on certain criteria. -There are three mechanisms to pivot the queue against: +### Sort, filter, and group the alerts list +You can use the following filters to limit the list of alerts displayed during an investigation: -1. Sort the queue by opening the drop-down menu in the **Sort by** field and choosing: +**Severity**
    - - **Newest** - Sorts alerts based on when the alert was last seen on an endpoint. - - **Time in queue** - Sorts alerts by the length of time an alert has been in the queue. - - **Severity** - Sorts alerts by their level of severity. +Alert severity | Description +:---|:--- +High
    (Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints. +Medium
    (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. +Low
    (Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization. +Informational
    (Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of. -2. Filter alerts by their **Severity** by opening the drop-down menu in the **Filter by** field and selecting one or more of the check boxes: +Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints. - - High (Red) - Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints. - - Medium (Orange) - Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. - - Low (Yellow) - Threats associated with prevalent malware and hack-tools that do not appear to indicate an advanced threat targeting the organization. +**Detection source**
    +- Windows Defender AV +- Windows Defender ATP -3. Limit the queue to see alerts from various set periods by clicking the drop-down menu in the date range field (by default, this is selected as **6 months**): +>[!NOTE] +>The Windows Defender AV filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. - - **1 day** - - **3 days** - - **7 days** - - **30 days** - - **6 months** +**Time period**
    +- 1 day +- 3 days +- 7 days +- 30 days +- 6 months - > [!NOTE] - > You can change the sort order (for example, from most recent to least recent) by clicking the sort order icon ![the sort order icon looks like two arrows on top of each other](images/sort-order-icon.png) +**View**
    +- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top. +- **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating alerts together. -### Related topics +The group view allows for efficient alert triage and management. + +### Use the Alert management pane +Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert. + +You can take immediate action on an alert and see details about an alert in the **Alert management** pane: + +- Change the status of an alert from new, to in progress, or resolved. +- Specify the alert classification from true alert or false alert. + Selecting true alert displays the **Determination** drop-down list to provide additional information about the true alert: + - APT + - Malware + - Security personnel + - Security testing + - Unwanted software + - Other +- Assign the alert to yourself if the alert is not yet assigned. +- View related activity on the machine. +- Add and view comments about the alert. + +>[!NOTE] +>You can also access the **Alert management** pane from the machine details view by selecting an alert in the **Alerts related to this machine** section. + +### Bulk edit alerts +Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together, which allows resolving multiple similar alerts in one action. 
+ +![Alerts queue bulk edit](images/alerts-q-bulk.png) + +## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md index 129b49f08e..95c54414fa 100644 --- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md 
@@ -1,5 +1,5 @@ --- -title: Assign user access to the Windows Defender Advanced Threat Protection portal +title: Assign user access to the Windows Defender ATP portal description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal. keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles search.product: eADQiWindows 10XVcnh diff --git a/windows/keep-secure/bitlocker-countermeasures.md b/windows/keep-secure/bitlocker-countermeasures.md index 89261d666c..5cf31239ce 100644 --- a/windows/keep-secure/bitlocker-countermeasures.md +++ b/windows/keep-secure/bitlocker-countermeasures.md 
@@ -115,7 +115,11 @@ Windows 10 uses Trusted Boot on any hardware platform: It requires neither UEFI Because UEFI-based Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel or other Windows startup components, the next opportunity for malware to start is by infecting a non-Microsoft boot-related driver. Traditional antimalware apps don’t start until after the boot-related drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work. -The purpose of ELAM is to load an antimalware driver before drivers that are flagged as boot-start can be executed. This approach provides the ability for an antimalware driver to register as a trusted boot-critical driver. It is launched during the Trusted Boot process, and with that, Windows ensures that it is loaded before any other non-Microsoft software. +Early Launch Antimalware (ELAM) is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. ELAM checks the integrity of non-Microsoft drivers to determine whether the drivers are trustworthy. Because Windows needs to start as fast as possible, ELAM cannot be a complicated process of checking the driver files against known malware signatures. Instead, ELAM has the simple task of examining every boot driver and determining whether it is on the list of trusted drivers. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits. ELAM also allows the registered antimalware provider to scan drivers that are loaded after the boot process is complete. + +Windows Defender in Windows 10 supports ELAM, as do Microsoft System Center 2012 Endpoint Protection and non-Microsoft antimalware apps. + +To do this, ELAM loads an antimalware driver before drivers that are flagged as boot-start can be executed. 
This approach provides the ability for an antimalware driver to register as a trusted boot-critical driver. It is launched during the Trusted Boot process, and with that, Windows ensures that it is loaded before any other non-Microsoft software. With this solution in place, boot drivers are initialized based on the classification that the ELAM driver returns according to an initialization policy. IT pros have the ability to change this policy through Group Policy. ELAM classifies drivers as follows: diff --git a/windows/keep-secure/bitlocker-group-policy-settings.md b/windows/keep-secure/bitlocker-group-policy-settings.md index 26cadf522b..c0112dcf47 100644 --- a/windows/keep-secure/bitlocker-group-policy-settings.md +++ b/windows/keep-secure/bitlocker-group-policy-settings.md @@ -32,6 +32,7 @@ The following sections provide a comprehensive list of BitLocker Group Policy se The following policy settings can be used to determine how a BitLocker-protected drive can be unlocked. +- [Allow devices with Secure Boot and protect DMS ports to opt out of preboot PIN](#bkmk-hstioptout) - [Allow network unlock at startup](#bkmk-netunlock) - [Require additional authentication at startup](#bkmk-unlockpol1) - [Allow enhanced PINs for startup](#bkmk-unlockpol2) @@ -85,6 +86,55 @@ The following policies are used to support customized deployment scenarios in yo - [Allow access to BitLocker-protected fixed data drives from earlier versions of Windows](#bkmk-depopt4) - [Allow access to BitLocker-protected removable data drives from earlier versions of Windows](#bkmk-depopt5) +### Allow devices with Secure Boot and protect DMS ports to opt out of preboot PIN + +This policy setting allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Policy description

    With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support InstantGo or HSTI, while requiring PIN on older devices.

    Introduced

    Windows 10, version 1703

    Drive type

    Operating system drives

    Policy path

    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

    Conflicts

    This setting overrides the Require startup PIN with TPM option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware. + +

    When enabled

    Users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.

    When disabled or not configured

    The options of the [Require additional authentication at startup](#bkmk-unlockpol1) policy apply.

    +  +**Reference** + +The preboot authentication option Require startup PIN with TPM of the [Require additional authentication at startup](#bkmk-unlockpol1) policy is often enabled to help ensure security for older devices that do not support InstantGo. +But visually impaired users have no audible way to know when to enter a PIN. +This setting enables an exception to the PIN-required policy on secure hardware. + ### Allow network unlock at startup This policy controls a portion of the behavior of the Network Unlock feature in BitLocker. This policy is required to enable BitLocker Network Unlock on a network because it allows clients running BitLocker to create the necessary network key protector during encryption. This policy is used in addition to the BitLocker Drive Encryption Network Unlock Certificate security policy (located in the **Public Key Policies** folder of Local Computer Policy) to allow systems that are connected to a trusted network to properly utilize the Network Unlock feature. diff --git a/windows/keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..6f9e2ee36d --- /dev/null +++ b/windows/keep-secure/check-sensor-status-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,55 @@ +--- +title: Check sensor health state in Windows Defender ATP +description: Check sensor health on machines to see if they are misconfigured or inactive. +keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communication, communication +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Check sensor health state in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues. + +![Windows Defender ATP sensor health tile](images/atp-sensor-health-filter.png) + +There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service: +- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. +- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected. + +Clicking any of the groups directs you to Machines view, filtered according to your choice. 
+ +![Windows Defender ATP sensor filter](images/atp-sensor-filter.png) + +You can filter the health state list by the following status: +- **Active** - Machines that are actively reporting to the Windows Defender ATP service. +- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service. +- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues: + - **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine. + - **Impaired communication** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work. + +You can view the machine details when you click on a misconfigured or inactive machine. You’ll see more specific machine information when you click the information icon. + +![Windows Defender ATP sensor filter](images/atp-machine-health-details.png) + +In the **Machines view**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page. + +>[!NOTE] +>Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is. + +## Related topic +- [Fix unhealthy sensors in Windows Defender ATP](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1 new file mode 100644 index 0000000000..278824d13a --- /dev/null 
+++ b/windows/keep-secure/code/example.ps1 @@ -0,0 +1,52 @@ +$tenantId = '{Your Tenant ID}' +$clientId = '{Your Client ID}' +$clientSecret = '{Your Client Secret}' + +$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId + +$tokenPayload = @{ + "resource"='https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + +$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload +$token = $response.access_token + +$headers = @{ + "Content-Type"="application/json" + "Accept"="application/json" + "Authorization"="Bearer {0}" -f $token } + +$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + +$alertDefinitions = + (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value + +$alertDefinitionPayload = @{ + "Name"= "The alert's name" + "Severity"= "Low" + "InternalDescription"= "An internal description of the Alert" + "Title"= "The Title" + "UxDescription"= "Description of the alerts" + "RecommendedAction"= "The alert's recommended action" + "Category"= "Trojan" + "Enabled"= "true"} + +$alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + +$alertDefinitionId = $alertDefinition.Id + +$iocPayload = @{ + "Type"="Sha1" + "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + +$ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) diff --git a/windows/keep-secure/code/example.py b/windows/keep-secure/code/example.py new file mode 100644 index 0000000000..7bf906738c --- /dev/null +++ b/windows/keep-secure/code/example.py 
@@ -0,0 +1,53 @@ +import json +import requests +from pprint import pprint + +tenant_id="{your tenant ID}" +client_id="{your client ID}" +client_secret="{your client secret}" + +auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id) + +payload = {"resource": "https://graph.windows.net", + "client_id": client_id, + "client_secret": client_secret, + "grant_type": "client_credentials"} + +response = requests.post(auth_url, payload) +token = json.loads(response.text)["access_token"] + +with requests.Session() as session: + session.headers = { + 'Authorization': 'Bearer {}'.format(token), + 'Content-Type': 'application/json', + 'Accept': 'application/json'} + + response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") + pprint(json.loads(response.text)) + + alert_definition = {"Name": "The alert's name", + "Severity": "Low", + "InternalDescription": "An internal description of the alert", + "Title": "The Title", + "UxDescription": "Description of the alerts", + "RecommendedAction": "The alert's recommended action", + "Category": "Trojan", + "Enabled": True} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", + json=alert_definition) + + alert_definition_id = json.loads(response.text)["Id"] + + ioc = {'Type': "Sha1", + 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", + 'DetectionFunction': "Equals", + 'Enabled': True, + "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", + json=ioc) + + pprint(json.loads(response.text)) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index a5cd3f4bf4..c4ebb2bd23 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md 
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -52,7 +52,7 @@ You'll need to configure HP ArcSight so that it can consume Windows Defender ATP ## Configure HP ArcSight The following steps assume that you have completed all the required steps in [Before you begin](#before-you-begin). For more information, see the ArcSight FlexConnector Developer's guide. -1. Save the [WDATP-connector.jsonparser.properties file](http://download.microsoft.com/download/0/8/A/08A4957D-0923-4353-B25F-395EAE363E8C/WDATP-connector.jsonparser.properties) file into the connector installation folder. The +1. Save the [WDATP-connector.jsonparser.properties file](http://download.microsoft.com/download/0/8/A/08A4957D-0923-4353-B25F-395EAE363E8C/WDATP-connector.jsonparser.properties) file into the connector installation folder. 2. Save the [WDATP-connector.properties](http://download.microsoft.com/download/3/9/C/39C703C2-487C-4C3E-AFD8-14C2253C2F12/WDATP-connector.properties) file into the `\current\user\agent\flexagent` folder of the connector installation folder. diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 19e99c915d..2ad2430c0e 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Configure email notifications +# Configure email notifications in Windows Defender ATP **Applies to:** 
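Review bot: In windows/keep-secure/code/example.py, the token request and both POST calls are read without any check that they succeeded: `json.loads(response.text)["access_token"]` and `json.loads(response.text)["Id"]` fail with a `KeyError` or a JSON decode error when authentication or the create call is rejected, which hides the service's own error from whoever runs the sample. Call `response.raise_for_status()` before reading each body; `response.json()` can then replace the `json.loads(response.text)` pattern. Because this sample will be copied, a comment telling readers to load `client_secret` from the environment or a secret store instead of editing it into the file would also help.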
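Review bot: In configure-arcsight-windows-defender-advanced-threat-protection.md, the rewritten step 1 still has link text ending in "file" followed by a second "file" ("...properties file](...) file into the connector installation folder"); drop one while the line is being touched. Steps 1 and 2 also link the connector properties files over `http://download.microsoft.com/...`; configuration files that are saved into the connector installation folder should be linked over https if the download host serves them that way.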
@@ -61,3 +61,8 @@ This section lists various issues that you may encounter when using email notifi 1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. 2. Check that your email security product is not blocking the email notifications from Windows Defender ATP. 3. Check your email application rules that might be catching and moving your Windows Defender ATP email notifications. + +## Related topics +- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index c842ea1668..d5fb36ac0b 100644 --- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender ATP endpoints using Mobile Device Management tools +title: Configure endpoints using Mobile Device Management tools description: Use Mobile Device Management tools to deploy the configuration package on endpoints so that they are onboarded to the service. keywords: configure endpoints using mdm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, mdm search.product: eADQiWindows 10XVcnh 
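Review bot: In the new "Related topics" list of configure-email-notifications-windows-defender-advanced-threat-protection.md (hunk at -61,3), the second link targets `advanced-features-windows-defender-advacned-threat-protection.md`, with "advacned" where every other file name in this change has "advanced". Confirm that the target file exists under that spelling; if it does not, the link is broken and the spelling in the link target needs correcting.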
diff --git a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 8b193b46c6..775b756512 100644 --- a/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender ATP endpoints using System Center Configuration Manager +title: Configure endpoints using System Center Configuration Manager description: Use System Center Configuration Manager to deploy the configuration package on endpoints so that they are onboarded to the service. keywords: configure endpoints using sccm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm search.product: eADQiWindows 10XVcnh 
@@ -45,14 +45,14 @@ You can use System Center Configuration Manager’s existing functionality to cr 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. +3. Onboard your devices using SCCM by following the steps in the [Onboard devices to Windows Defender ATP](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/windows-defender-advanced-threat-protection#onboard-devices-for-windows-defender-atp) topic. 4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. > [!NOTE] -> Onboarding couldn't be completed during Out-Of-Box Experience (OOBE). Make sure users pass OOBE after running Windows installation or upgrading. +> Windows Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading. ### Configure sample collection settings diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index cca969958e..73d4781fa1 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md 
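Review bot: In configure-endpoints-sccm-windows-defender-advanced-threat-protection.md (hunk at -45,14), step 3 no longer imports the configuration package, but step 4 still says "Deploy the package" and step 4a still chooses a collection "to deploy the package to". If the linked "Onboard devices to Windows Defender ATP" topic covers the whole flow, steps 3 and 4 now overlap; if it does not, the import step is missing. Please reconcile the two steps. The new step 3 link also hard-codes the `en-us` locale in the docs.microsoft.com URL, which the other links in this list do not do.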
@@ -1,6 +1,6 @@ --- title: Configure Windows Defender ATP endpoints -description: Configure endpoints so that they are onboarded to the service. +description: Configure endpoints so that they can send sensor data to the Windows Defender ATP sensor. keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index dd145bf769..49287b61de 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender ATP endpoint proxy and Internet connection settings +title: Configure endpoint proxy and Internet connection settings description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service. keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server search.product: eADQiWindows 10XVcnh diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md index f8f22a049a..35dead1efe 100644 --- a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md 
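Review bot: In configure-endpoints-windows-defender-advanced-threat-protection.md, the new `description` says endpoints "can send sensor data to the Windows Defender ATP sensor", which has the sensor sending data to itself. The removed line said endpoints are onboarded "to the service", so "send sensor data to the Windows Defender ATP service" is presumably what is meant.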
@@ -1,7 +1,7 @@ --- -title: Configure security information and events management tools -description: Configure supported security information and events management tools to receive and consume alerts. -keywords: configure siem, security information and events management tools, splunk, arcsight +title: Consume alerts and create custom indicators in Windows Defender Advanced Threat Protection +description: Learn how to configure supported security information and events management tools to receive and consume alerts and create custom indicators using REST API. +keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Configure security information and events management (SIEM) tools to consume alerts +# Consume alerts and create custom indicators **Applies to:** 
@@ -21,7 +21,9 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP supports security information and events management (SIEM) tools to consume alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to get alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. +## Consume alerts using supported security information and events management (SIEM) tools +Windows Defender ATP supports (SIEM) tools to consume alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to get alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. + Windows Defender ATP currently supports the following SIEM tools: @@ -35,6 +37,11 @@ To use either of these supported SIEM tools you'll need to: - [Configure Splunk to consume alerts](configure-splunk-windows-defender-advanced-threat-protection.md) - [Configure HP ArcSight to consume alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +## Create custom threat indicators in Windows Defender ATP +You can also create custom threat indicators using the available REST API so that you can create specific alerts that are applicable to your organization. + +For more information, see [Create custom threat indicators (TI) using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md). + ## In this section Topic | Description diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 9d3a33d12c..7d3b48530d 100644 --- a/windows/keep-secure/credential-guard.md 
+++ b/windows/keep-secure/credential-guard.md 
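Review bot: In configure-siem-windows-defender-advanced-threat-protection.md (hunk at -21,7), moving the acronym's expansion into the new heading leaves the first sentence as "Windows Defender ATP supports (SIEM) tools to consume alerts", with the acronym in parentheses and nothing in front of it. Write "supports SIEM tools" or keep the full "security information and events management (SIEM) tools". The hunk also adds a second blank line before "Windows Defender ATP currently supports the following SIEM tools:", which can be dropped.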
@@ -40,12 +40,10 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- ## Requirements -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware requirements, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). ### Hardware and software requirements -To deploy Credential Guard, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements. Beyond that, computers can meet additional hardware and firmware requirements, and receive additional protection—those computers will be more hardened against certain threats. 
- To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: - Support for Virtualization-based security (required) - TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) @@ -82,55 +80,59 @@ Applications may cause performance issues when they attempt to hook the isolated ### Security considerations -The following tables provide more information about the hardware, firmware, and software required for deployment of Credential Guard. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017. +All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. +Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. +The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. > [!NOTE] -> For new computers running Windows 10, Trusted Platform Module (TPM 2.0) must be enabled by default. This requirement is not restated in the tables that follow.
    -> If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
    -> Starting in Widows 10, 1607, TPM 2.0 is required. +> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.
    +> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
    -#### Baseline protection recommendations +#### Baseline protections |Baseline Protections | Description | |---------------------------------------------|----------------------------------------------------| | Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
    plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
    One of the following virtualization extensions:
    - VT-x (Intel) or
    - AMD-V
    And:
    - Extended page tables, also called Second Level Address Translation (SLAT).

    **Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | +| Hardware: **CPU virtualization extensions**,
    plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
    One of the following virtualization extensions:
    • VT-x (Intel) or
    • AMD-V
    And:
    • Extended page tables, also called Second Level Address Translation (SLAT).

    **Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | | Hardware: **Trusted Platform Module (TPM)** | **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.

    **Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

    **Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

    **Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

    Important:
    Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


    **Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

    Important:
    Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


    **Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | > [!IMPORTANT] -> The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Credential Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security to significantly strengthen the level of security that Credential Guard can provide. +> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. -#### 2015 Additional Security Recommendations (starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4) +#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 | Protections for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| | Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

    **Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    - BIOS password or stronger authentication must be supported.
    - In the BIOS configuration, BIOS authentication must be set.
    - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
    - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

    **Security benefits**:
    - BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
    - Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | -| Firmware: **Secure MOR implementation** | **Requirement**: Secure MOR implementation

    **Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    • BIOS password or stronger authentication must be supported.
    • In the BIOS configuration, BIOS authentication must be set.
    • There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
    • In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

    **Security benefits**:
    • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
    • Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

    **Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). |
    -#### 2016 Additional Security Recommendations (starting with Windows 10, version 1607, and Windows Server 2016) +#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 > [!IMPORTANT] -> The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Credential Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them. +> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. | Protections for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
    Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
    - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

    **Security benefits**:
    - Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    - HSTI provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
    Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
    • The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

    **Security benefits**:
    • Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    • HSTI provides additional security assurance for correctly secured silicon and platform. | | Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

    **Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
    - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

    **Security benefits**:
    - Enterprises can choose to allow proprietary EFI drivers/applications to run.
    - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    • Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
    • Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

    **Security benefits**:
    • Enterprises can choose to allow proprietary EFI drivers/applications to run.
    • Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
    -#### 2017 Additional Security Recommendations (starting with the next major release of Windows 10) +#### 2017 Additional security qualifications starting with Windows 10, version 1703 + +The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. | Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

    **Security benefits**:
    - Protects against potential vulnerabilities in UEFI runtime in functions such as Update Capsule, Set Variables, and so on, so they can't compromise VBS.
    - Reduces attack surface to VBS from system firmware.
    - Blocks additional security attacks against SMM. | +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
    • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
    • UEFI runtime service must meet these requirements:
        - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
        - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
        - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
            - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
            - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

    Notes:
    • This only applies to UEFI runtime service memory, and not UEFI boot service memory.
    • This protection is applied by VBS on OS page tables.


    Please also note the following:
    • Do not use sections that are both writeable and exceutable
    • Do not attempt to directly modify executable system memory
    • Do not use dynamic code

    **Security benefits**:
    • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

    **Security benefits**:
    • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware.
    • Blocks additional security attacks against SMM. | ## Manage Credential Guard @@ -178,11 +180,11 @@ You can do this by using either the Control Panel or the Deployment Image Servic 1. Open an elevated command prompt. 2. Add the Hyper-V Hypervisor by running the following command: - ``` syntax + ``` dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all ``` 3. Add the Isolated User Mode feature by running the following command: - ``` syntax + ``` dism /image: /Enable-Feature /FeatureName:IsolatedUserMode ``` @@ -211,7 +213,7 @@ You can do this by using either the Control Panel or the Deployment Image Servic You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). ``` -DG_Readiness_Tool_v2.0.ps1 -Enable -AutoReboot +DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot ``` #### Credential Guard deployment in virtual machines @@ -280,7 +282,7 @@ For more info on virtualization-based security and Device Guard, see [Device Gua You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). ``` -DG_Readiness_Tool_v2.0.ps1 -Disable -AutoReboot +DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot ```   ### Check that Credential Guard is running @@ -298,7 +300,7 @@ You can use System Information to ensure that Credential Guard is running on a P You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). ``` -DG_Readiness_Tool_v2.0.ps1 -Ready +DG_Readiness_Tool_v3.0.ps1 -Ready ``` ## Considerations when using Credential Guard 
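Review bot: In credential-guard.md (hunk at -82,55), the new 2017 table rows contain spelling errors: "exceutable" appears three times and "non-volitile" once, and "not required for in non-volitile storage" has a stray "for". In the rewritten SMM row, the first benefit now reads "Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS", which merges the old sentence with the NX row's wording and no longer parses. That row also repeats the NX row's two benefits almost verbatim, so it should state what the WSMT support itself adds.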
@@ -314,7 +316,7 @@ DG_Readiness_Tool_v2.0.ps1 -Ready - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. -- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, Microsoft Passport, or Microsoft Passport for Work. +- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. - Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. 
- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. diff --git a/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..8c54c753a6 --- /dev/null +++ b/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,359 @@ +--- +title: Create custom threat intelligence using REST API in Windows Defender ATP +description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions. +keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Create custom alerts using the threat intelligence (TI) application program interface (API) + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization. + +## Before you begin +Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). 
+ +### Use the threat intelligence REST API to create custom threat intelligence alerts +You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource, you call and specify the resource URLs using one of the following operations: + +- GET +- POST +- PATCH +- PUT (used for managing entities relations only) +- DELETE + +All threat intelligence API requests use the following basic URL pattern: + +``` + https://TI.SecurityCenter.Windows.com/{version}/{resource}?[query_parameters] +``` + +For this URL: +- `https://TI.SecurityCenter.Windows.com` is the threat intelligence API endpoint. +- `{version}` is the target service version. Currently, the only supported version is: v1.0. +- `{resource}` is resource segment or path, such as: + - AlertDefinitions (for specific single resource, add: (id)) + - IndicatorsOfCompromise (for specific single resource, add: (id)) +- `[query_parameters]` represents additional query parameters such as $filter and $select. + +**Quotas**
    +Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage). + +## Threat intelligence API metadata +The metadata document ($metadata) is published at the service root. + +For example, you can view the service document for the v1.0 version using the following URL: + +``` + https://TI.SecurityCenter.Windows.com/v1.0/$metadata +``` + +The metadata allows you to see and understand the data model of the custom threat intelligence, including the entity types and sets, complex types, and enums that make up the request and response packets sent to and from the threat intelligence API. + +You can use the metadata to understand the relationships between entities in the custom threat intelligence and establish URLs that navigate between entities. + +The following sections show a few basic programming pattern calls to the threat intelligence API. + +## Create new resource +Typically, you'd need to create an alert definition to start creating custom threat intelligence. An ID is created for that alert definition. +You can then proceed to create an indicator of compromise and associate it to the ID of the alert definition. + +### Create a new alert definition + +```json +POST https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1 +Authorization: Bearer +Content-Type: application/json; + + +{ + "Name": " The name of the alert definition. Does not appear in the portal. Max length: 100 ", + "Severity": "Low", + "InternalDescription": "Internal description for the alert definition. Does not appear in the portal. Max length: 350", + "Title": "A short, one sentence, description of the alert definition. Max length: 120", + "UxDescription": "Max length: 500", + "RecommendedAction": "Custom text to explain what should be done in case of detection. 
Max length: 2000", + "Category": "Category from the metadata", + "Enabled": true +} +``` + +The following values correspond to the alert sections surfaced on the Windows Defender ATP portal: +![Image of alert from the portal](images/atp-custom-ti-mapping.png) + +Highlighted section | JSON key name +:---:|:--- +1 | Title +2 | Severity +3 | Category +4 | UX description +5 | Recommended Action + +If successful, you should get a 201 CREATED response containing the representation of the newly created alert definition, for example: + +```json + + "Name": "Connection to restricted company IP address", + "Severity": "Low", + "InternalDescription": "Unusual connection to restricted IP from production machine", + "Title": "Connection to restricted company IP address", + "UxDescription": "Any connection to this IP address from a production machine should be suspicious. Only special build machines should access this IP address.", + "RecommendedAction": "Isolate machine immediately and contact machine owner for awareness.", + "Category": "Trojan", + "Id": 2, + "CreatedAt": "2017-02-01T10:46:22.08Z", + "CreatedBy": "User1", + "LastModifiedAt": null, + "LastModifiedBy": null, + "Enabled": true + +``` + +### Create a new indicator of compromise + +```json +POST https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1 +Authorization: Bearer +Content-Type: application/json; + + +{ +"Type": "SHA1", +"Value": "8311e8b377736fb93b18b15372355f3f26c4cd29", +"DetectionFunction": "Equals", +"Enabled": true, +"AlertDefinition@odata.bind": "AlertDefinitions(1)" +} +``` +If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload. + + +## Bulk upload of alert definitions and IOCs +Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`.
    + +>[!WARNING] +>- This operation is atomic. The entire operation can either succeed or fail. If one alert definition or IOC has a malformed property, the entire upload will fail. +>- If your upload exceeds the IOCs or alert definitions quota, the entire operation will fail. Consider limiting your uploads. + + +The request’s body should contain a single JSON object with a single field. The name of the field in the case that the entity is alert definition is `alertDefinitions` and in the case of IOC is `iocs`. This field’s value should contain a list of the desired entities. + +For example: +Sending an HTTP POST to https://TI.SecurityCenter.Windows.com/V1.0/IndicatorsOfCompromise/Actions.BulkUpload + +JSON Body: + +```json +{ + "iocs": [{ + "Type": "SHA1", + "Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793", + "DetectionFunction": "Equals", + "Enabled": true, + "AlertDefinition@odata.bind": "AlertDefinitions(1)" + }, + { + "Type": "SHA1", + "Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793", + "DetectionFunction": "Equals", + "Enabled": true, + "AlertDefinition@odata.bind": "AlertDefinitions(1)" + } + ] +} +``` + +>[!NOTE] +> - Max bulk size is 5000 entities + +## Read existing data +### Get a specific resource + +```json +GET https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1 +Authorization: Bearer +Accept: application/json;odata.metadata=none +``` + +If successful, you should get a 200 OK response containing a single indicator of compromise representation (for the specified ID) in the payload, as shown as follows: + +```json +HTTP/1.1 200 OK +content - type: application/json;odata.metadata = none + + +{ + "value": [{ + "Type": "SHA1", + "Value": "abcdeabcde1212121212abcdeabcde1212121212", + "DetectionFunction": "Equals", + "ExpiresAt": null, + "Id": 1, + "CreatedAt": "2016-12-05T15:51:02Z", + "CreatedBy": "user2@Company1.contoso.com", + "LastModifiedAt": null, + "LastModifiedBy": null, + "Enabled": true + }] +} +``` + + +### Get 
the entire collection of entities of a given resource + + ``` + GET https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1 + Authorization: Bearer + ``` + + If successful, you should get a 200 OK response containing the collection of alert definitions representation in the payload, as shown as follows: + + ```json + HTTP/1.1 200 OK + content - type: application / json;odata.metadata = none + + + { + "@odata.context": "https://TI.SecurityCenter.Windows.com/V1.0/$metadata#AlertDefinitions", + "value": [{ + "Name": "Demo alert definition", + "Severity": "Medium", + "InternalDescription": "Some description", + "Title": "Demo short ux description", + "UxDescription": "Demo ux description", + "RecommendedAction": "Actions", + "Category": "Malware", + "Id": 1, + "CreatedAt": "2016-12-05T15:50:53Z", + "CreatedBy": "user@Company1.contoso.com", + "LastModifiedAt": null, + "LastModifiedBy": null, + "Enabled": true + }, + { + "Name": "Demo alert definition 2", + "Severity": "Low", + "InternalDescription": "Some description", + "Title": "Demo short ux description2", + "UxDescription": "Demo ux description2", + "RecommendedAction": null, + "Category": "Malware", + "Id": 2, + "CreatedAt": "2016-12-06T13:30:00Z", + "CreatedBy": "user2@Company1.contoso.com", + "LastModifiedAt": null, + "LastModifiedBy": null, + "Enabled": true + } + ] + } + ``` + + +## Update an existing resource +You can use the same pattern for both full and partial updates. + +```json +PATCH https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(2) HTTP/1.1 +Authorization: Bearer +Content-Type: application/json; +Accept: application/json;odata.metadata=none + +{ + "Category": "Backdoor", + "Enabled": false +} +``` + +If successful, you should get a 200 OK response containing the updated alert definition representation (per the specified ID) in the payload. 
+ +## Update the association (relation) between an indicator of compromise to a different alert definition + +```json +PUT https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(3)/AlertDefinition/$ref HTTP/1.1 +Authorization : Bearer +Content-Type: application/json; + +{ + "@odata.id": "https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(6)" +} +``` + +## Delete a resource + +``` +DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1 +Authorization: Bearer +``` + +If successful, you should get a 204 NO CONTENT response. + +>[!NOTE] + > - Deleting an alert definition also deletes its corresponding IOCs. + > - Deleting an IOC or an alert definition will not delete or hide past alerts matching the alert definition. However, deleting an alert definition and creating a new one with the exact same metadata will result in new alerts in the portal. It's not advised to delete an alert definition and create a new one with the same content. + +## Delete all +You can use the HTTP DELETE method sent to the relevant source to delete all resources. + +``` +DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1 +Authorization : Bearer +``` +If successful, you should get a 204 NO CONTENT response. + +## Delete all IOCs connected to a given alert definition +This action will delete all the IOCs associated with a given alert definition without deleting the alert definition itself. + +For example, deleting all of the IOCs associated with the alert definition with ID `1` deletes all those IOCs without deleting the alert definition itself. + +Send an HTTP POST to `https://TI.SecurityCenter.Windows.com/V1.0/AlertDefinitions(1)/Actions.DeleteIOCs`. + +Upon a successful request the response will be HTTP 204. + +>[!NOTE] +> As with all OData actions, this action is sending an HTTP POST request not DELETE. 
+ + +## Windows Defender ATP optional query parameters +The Windows Defender ATP threat intelligence API provides several optional query parameters that you can use to specify and control the amount of data returned in a response. The threat intelligence API supports the following query options: + +Name | Value | Description +:---|:---|:-- +$select | string | Comma-separated list of properties to include in the response. +$expand | string | Comma-separated list of relationships to expand and include in the response. +$orderby | string | Comma-separated list of properties that are used to sort the order of items in the response collection. +$filter | string | Filters the response based on a set of criteria. +$top | int | The number of items to return in a result set. +$skip | int | The number of items to skip in a result set. +$count | boolean | A collection and the number of items in the collection. + +These parameters are compatible with the [OData V4 query language](http://docs.oasis-open.org/odata/odata/v4.0/errata03/os/complete/part2-url-conventions/odata-v4.0-errata03-os-part2-url-conventions-complete.html#_Toc453752356). 
+ + +## Code examples +The following articles provide detailed code examples that demonstrate how to use the custom threat intelligence API in several programming languages: +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) + + +## Related topics +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index 990e0ac396..c2c75d2d52 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -21,6 +21,8 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + The **Dashboard** displays a snapshot of: - The latest active alerts on your network 
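Review bot: In the new custom-ti-api-windows-defender-advanced-threat-protection.md, the 201 CREATED sample under "Create a new alert definition" is fenced as json but has no enclosing `{` and `}`, so it is not valid JSON as shown; wrap it the same way as the other samples. The intro under "Use the threat intelligence REST API to create custom threat intelligence alerts" says the same thing twice in one sentence ("You can call and specify the resource URLs ... you call and specify the resource URLs ...") and should be cut to a single statement. The bulk upload sample lists the same SHA1 value twice, which reads as a copy-paste slip; use two distinct values or explain how duplicates are handled, given that the warning above it says one malformed entity fails the whole atomic upload. Header lines are inconsistent: `Authorization : Bearer` (PUT and "Delete all") versus `Authorization: Bearer` elsewhere, and the response samples show `content - type: application / json;odata.metadata = none` with stray spaces. The path casing also switches between `v1.0` and `V1.0`. Finally, "Delete all" removes every IOC in the collection with a single request but has no warning callout like the one on bulk upload; add one, and fix "relevant source" if "resource" was meant.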
@@ -33,7 +35,7 @@ You can explore and investigate alerts and machines to quickly determine if, whe From the **Dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators. -It also has clickable tiles that give visual cues on the overall health status of your organization. Each tile opens a detailed view of the corresponding overview. +It also has clickable tiles that give visual cues on the overall health state of your organization. Each tile opens a detailed view of the corresponding overview. ## ATP alerts You can view the overall number of active ATP alerts from the last 30 days in your network from the **ATP alerts** tile. Alerts are grouped into **New** and **In progress**. 
@@ -42,30 +44,25 @@ You can view the overall number of active ATP alerts from the last 30 days in yo Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**). -For more information see, [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). +For more information see, [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md). -The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). +The **Latest ATP alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md). ## Machines at risk This tile shows you a list of machines with the highest number of active alerts. 
The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). -![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk.png) +![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/atp-machines-at-risk.png) Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). -## Status -The **Status** tile informs you if the service is active or if there are issues and the unique number of machines (endpoints) reporting to the service over the past 30 days. +## Users at risk +The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). 
-![The Status tile shows an overall indicator of the service and the total number of machines reporting to the service](images/status-tile.png) +![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png) -For more information on the service status, see [Check the Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md). - -## Machines reporting -The **Machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily. Hover over individual bars on the graph to see the exact number of machines reporting in each day. - -![The Machines reporting tile shows the number of machines reporting each day for the past 30 days](images/machines-reporting-tile.png) +Click the user account to see details about the user account. For more information see [Investigate a user entity in Windows Defender Advanced Threat Protection] ## Machines with active malware detections The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender. 
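Review bot: The added "Users at risk" paragraph ends with `[Investigate a user entity in Windows Defender Advanced Threat Protection]`, which has link text but no target, so it will render as literal brackets rather than a link. The Related topics hunk later in this file links `investigate-user-windows-defender-advanced-threat-protection.md` under the title "Investigate a user account in Windows Defender ATP"; reuse that target here and settle on one title ("user entity" or "user account"). The sentence is also missing the comma or period pattern used by the neighbouring "For more information see, [...]" lines.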
@@ -91,11 +88,37 @@ Clicking on any of these categories will navigate to the [Machines view](investi > [!NOTE] > The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. -### Related topics -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +## Sensor health +The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines. + +![Sensor health tile](images/atp-tile-sensor-health.png) + +There are two status indicators that provide information on the number of machines that are not reporting properly to the service: +- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. +- **Misconfigured** – These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected. + +When you click any of the groups, you’ll be directed to machines view, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). + +## Service health +The **Service health** tile informs you if the service is active or if there are issues. + +![The Service health tile shows an overall indicator of the service](images/status-tile.png) + +For more information on the service status, see [Check the Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md). 
+ +## Daily machines reporting +The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day. + +![The Machines reporting tile shows the number of machines reporting each day for the past 30 days](images/machines-reporting-tile.png) + +## Related topics +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) 
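Review bot: In the added Related topics list, the first entry still uses the title "View and organize the Windows Defender Advanced Threat Protection Alerts queue" for `alerts-queue-windows-defender-advanced-threat-protection.md`, while the earlier hunk in this file renamed the same link to "Alerts overview"; use one title throughout. Two entries also carry a trailing space inside the link text (`... Alerts queue ]` and `... Windows Defender ATP ]`), which should be dropped. In the Sensor health list, **Inactive** is followed by a hyphen and **Misconfigured** by an en dash; pick one separator. The Service health tile reuses `images/status-tile.png`, and the Daily machines reporting image keeps the alt text "The Machines reporting tile ...", both left over from the old headings; update them if the tiles were renamed in the portal.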
diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md index 91bec22e77..9c17747345 100644 --- a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Windows Defender compatibility -description: Learn about how Windows Defender works with Windows Defender ATP. +description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used. keywords: windows defender compatibility, defender, windows defender atp search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md b/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md index e61e798a6f..e1046621fc 100644 --- a/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md +++ b/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules.md 
@@ -14,7 +14,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Code integrity policies maintain the standards by which a computer running Windows 10 determines whether an application is trustworthy and can be run. For an overview of code integrity, see: +Code integrity policies provide control over a computer running Windows 10 by specifying whether a driver or application is trusted and can be run. For an overview of code integrity, see: - [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats) in "Introduction to Device Guard: virtualization-based security and code integrity policies." - [Code integrity policy formats and signing](requirements-and-deployment-planning-guidelines-for-device-guard.md#code-integrity-policy-formats-and-signing) in "Requirements and deployment planning guidelines for Device Guard." 
@@ -23,7 +23,7 @@ If you already understand the basics of code integrity policy and want procedure This topic includes the following sections: - [Overview of the process of creating code integrity policies](#overview-of-the-process-of-creating-code-integrity-policies): Helps familiarize you with the process described in this and related topics. -- [Code integrity policy rules](#code-integrity-policy-rules): Describes one key element you specify in a policy, the *policy rules*, which control options such as audit mode or whether UMCI is enabled in a code integrity policy. +- [Code integrity policy rules](#code-integrity-policy-rules): Describes one key element you specify in a policy, the *policy rules*, which control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a code integrity policy. - [Code integrity file rule levels](#code-integrity-file-rule-levels): Describes the other key element you specify in a policy, the *file rules* (or *file rule levels*), which specify the level at which applications will be identified and trusted. - [Example of file rule levels in use](#example-of-file-rule-levels-in-use): Gives an example of how file rule levels can be applied. 
@@ -31,7 +31,7 @@ This topic includes the following sections: A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. Code integrity policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of code integrity policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional code integrity policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the planning steps in [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md). -> **Note**  Each computer can have only **one** code integrity policy at a time. Whichever way you deploy this policy, it is renamed to SIPolicy.p7b and copied to C:\\Windows\\System32\\CodeIntegrity. Keep this in mind when you create your code integrity policies. +> **Note**  Each computer can have only **one** code integrity policy at a time. Whichever way you deploy this policy, it is renamed to SIPolicy.p7b and copied to **C:\\Windows\\System32\\CodeIntegrity** and, for UEFI computers, **<EFI System Partition>\\Microsoft\\Boot**. Keep this in mind when you create your code integrity policies. Optionally, code integrity policies can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement code integrity policies is to use existing images to create one master code integrity policy. You do so by creating a code integrity policy from each image, and then by merging the policies. 
This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed. @@ -43,10 +43,12 @@ Code integrity policies include *policy rules*, which control options such as au To modify the policy rule options of an existing code integrity policy, use the [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) Windows PowerShell cmdlet. Note the following examples of how to use this cmdlet to add and remove a rule option on an existing code integrity policy: -- To enable UMCI, add rule option 0 to an existing policy by running the following command: +- To ensure that UMCI is enabled for a code integrity policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command: ` Set-RuleOption -FilePath -Option 0` + Note that a policy that was created without the `-UserPEs` option is empty of user mode executables, that is, applications. If you enable UMCI (Option 0) for such a policy and then attempt to run an application, Device Guard will see that the application is not on its list (which is empty of applications), and respond. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. To create a policy that includes user mode executables (applications), when you run `New-CIPolicy`, include the `-UserPEs` option. + - To disable UMCI on an existing code integrity policy, delete rule option 0 by running the following command: ` Set-RuleOption -FilePath -Option 0 -Delete` diff --git a/windows/keep-secure/deploy-code-integrity-policies-steps.md b/windows/keep-secure/deploy-code-integrity-policies-steps.md index 2febd90862..19608b040d 100644 
--- a/windows/keep-secure/deploy-code-integrity-policies-steps.md +++ b/windows/keep-secure/deploy-code-integrity-policies-steps.md @@ -38,11 +38,11 @@ To create a code integrity policy, copy each of the following commands into an e > **Notes** - > - By specifying the *–UserPEs* parameter, rule option **0 Enabled:UMCI** is automatically added to the code integrity policy. If you do not specify this parameter, to enable UMCI, use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) as shown in the following command:
    **Set-RuleOption -FilePath $InitialCIPolicy -Option 0** + > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the code integrity policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Device Guard. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. + + > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Code integrity file rule levels](deploy-code-integrity-policies-policy-rules-and-file-rules.md#code-integrity-file-rule-levels) in “Deploy code integrity policies: policy rules and file rules.” - > - You can add the *–Fallback* parameter to catch any applications not discovered using the primary file rule level specified by the *–Level* parameter. For more information about file rule level options, see [Code integrity file rule levels](deploy-code-integrity-policies-policy-rules-and-file-rules.md#code-integrity-file-rule-levels) in “Deploy code integrity policies: policy rules and file rules.” - - > - To specify that the code integrity policy scan only a specific drive, include the *–ScanPath* parameter followed by a path. Without this parameter, the entire system is scanned. + > - To specify that the code integrity policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned. 
> - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index 9f7be87cbb..b03c8c1332 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -30,10 +30,10 @@ For information about enabling Credential Guard, see [Protect derived domain cre In addition to the hardware requirements found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), you must confirm that certain operating system features are enabled before you can enable VBS: -- With Windows 10, version 1607 or Windows Server 2016:
    +- Beginning with Windows 10, version 1607 or Windows Server 2016:
    Hyper-V Hypervisor, which is enabled automatically. No further action is needed. -- With an earlier version of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
    +- With an earlier version of Windows 10:
    Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1). > **Note**  You can configure these features by using Group Policy or Deployment Image Servicing and Management, or manually by using Windows PowerShell or the Windows Features dialog box. @@ -42,12 +42,8 @@ Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1). **Figure 1. Enable operating system features for VBS, Windows 10, version 1511** -After you enable the feature or features, you can enable VBS for Device Guard, as described in the following sections. - ## Enable Virtualization Based Security (VBS) and Device Guard -Before you begin this process, verify that the target device meets the hardware and firmware requirements for the features that you want, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). Also, confirm that you have enabled the Windows features discussed in the previous section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security-and-device-guard). - There are multiple ways to configure VBS features for Device Guard: - You can use the [readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) rather than the procedures in this topic. 
@@ -68,7 +64,7 @@ There are multiple ways to configure VBS features for Device Guard: 3. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. -4. Within the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**. +4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**. ![Edit the group policy for Virtualization Based Security](images/dg-fig3-enablevbs.png) @@ -91,7 +87,7 @@ There are multiple ways to configure VBS features for Device Guard: - With Windows 10, version 1607 or Windows Server 2016, choose an appropriate option:
    For an initial deployment or test deployment, we recommend **Enabled without lock**.
    When your deployment is stable in your environment, we recommend changing to **Enabled with lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person. - - With earlier versions of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
    Select the **Enable Virtualization Based Protection of Code Integrity** check box. + - With earlier versions of Windows 10:
    Select the **Enable Virtualization Based Protection of Code Integrity** check box. ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png) @@ -183,7 +179,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformS reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f -reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v " Unlocked" /t REG_DWORD /d 1 /f +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG_DWORD /d 1 /f ``` If you want to customize the preceding recommended settings, use the following settings. @@ -211,7 +207,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforc **To enable virtualization-based protection of Code Integrity policies without UEFI lock** ``` command -reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v " Unlocked" /t REG_DWORD /d 1 /f +reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG_DWORD /d 1 /f ``` ### Validate enabled Device Guard hardware-based security features diff --git a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md index 10001b50e6..9ef4617e9f 100644 --- a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md +++ b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md 
@@ -22,9 +22,9 @@ This policy setting determines whether the Lightweight Directory Access Protocol Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. In the case of an LDAP server, this means that a malicious user can cause a client device to make decisions based on false records from the LDAP directory. You can lower the risk of a malicious user accomplishing this in a corporate network by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) Authentication Header mode, which provides mutual authentication and packet integrity for IP traffic, can make all types of man-in-the-middle attacks extremely difficult. -This setting does not have any impact on LDAP simple bind or LDAP simple bind through SSL. +This setting does not have any impact on LDAP simple bind through SSL (LDAP TCP/636). -If signing is required, then LDAP simple bind and LDAP simple bind through SSL requests are rejected. +If signing is required, then LDAP simple binds not using SSL are rejected (LDAP TCP/389). >**Caution:**  If you set the server to Require signature, you must also set the client device. Not setting the client device results in loss of connection with the server.   diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..e62a85a083 --- /dev/null +++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,47 @@ +--- +title: Enable the custom threat intelligence application in Windows Defender ATP +description: Enable the custom threat intelligence application in Windows Defender ATP so that you can create custom threat intelligence using REST API. +keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Enable the custom threat intelligence application + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal. + +1. In the navigation pane, select **Preference Setup** > **Threat intel API**. + +2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values. + +3. Copy the individual values or select **Save details to file** to download a file that contains all the values. + + >[!WARNING] + >The client secret is only displayed once. Make sure you keep a copy of it in a safe place. + >For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). + +4. Select **Generate tokens** to get an access and refresh token. 
+ +You’ll need to use the access token in the Authorization header when doing REST API calls. + +## Related topics +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..749d25c114 --- /dev/null +++ b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,80 @@ +--- +title: Fix unhealthy sensors in Windows Defender ATP +description: Fix machine sensors that are reporting as misconfigured or inactive. +keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communication, communication +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Fix unhealthy sensors in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured. + +## Inactive machines + +An inactive machine is not necessarily flagged due to an issue. The following actions taken on a machine can cause a machine to be categorized as inactive: + +**Machine is not in use**
    +If the machine has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal. + +**Machine was reinstalled or renamed**
    +A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally. + +**Machine was offboarded**
    +If the machine was offboarded it will still appear in machines view. After 7 days, the machine health state should change to inactive. + +Do you expect a machine to be in ‘Active’ status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). + +## Misconfigured machines +Misconfigured machines can further be classified to: + - Impaired communication + - No sensor data + +### Impaired communication +This status indicates that there's limited communication between the machine and the service. + +The following suggested actions can help fix issues related to a misconfigured machine with impaired communication: + +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
    + The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. + +- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
    + Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. + +If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). + +### No sensor data +A misconfigured machine with status ‘No sensor data’ has communication with the service but can only report partial sensor data. +Follow theses actions to correct known issues related to a misconfigured machine with status ‘Impaired communication’: + +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
    + The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. + +- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
    + Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. + +- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
    +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. + +- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy)
    +If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. + +If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). + +## Related topic +- [Check sensor health state in Windows Defender ATP](check-sensor-status-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..b8021ab337 --- /dev/null +++ b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,36 @@ +--- +title: Update general Windows Defender Advanced Threat Protection settings +description: Update your general Windows Defender Advanced Threat Protection settings after onboarding. +keywords: general settings, settings, update settings +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- +# Update general Windows Defender ATP settings + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu. + +1. In the navigation pane, select **Preferences setup** > **General**. +2. Modify settings such as data retention policy or the industry that best describes your organization. + + >[!NOTE] + >Other settings are not editable. +3. Click **Save preferences**. + + +## Related topics +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md) +- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/hello-and-password-changes.md b/windows/keep-secure/hello-and-password-changes.md index b9937eeaa8..dc6bb1e021 100644 --- a/windows/keep-secure/hello-and-password-changes.md +++ b/windows/keep-secure/hello-and-password-changes.md 
@@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- # Windows Hello and password changes diff --git a/windows/keep-secure/hello-biometrics-in-enterprise.md b/windows/keep-secure/hello-biometrics-in-enterprise.md index 162ff7d762..caf9da8a9b 100644 --- a/windows/keep-secure/hello-biometrics-in-enterprise.md +++ b/windows/keep-secure/hello-biometrics-in-enterprise.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- diff --git a/windows/keep-secure/hello-enable-phone-signin.md b/windows/keep-secure/hello-enable-phone-signin.md index c77dfeeaf1..b325dd3b58 100644 --- a/windows/keep-secure/hello-enable-phone-signin.md +++ b/windows/keep-secure/hello-enable-phone-signin.md @@ -5,7 +5,7 @@ keywords: ["identity", "PIN", "biometric", "Hello"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- diff --git a/windows/keep-secure/hello-errors-during-pin-creation.md b/windows/keep-secure/hello-errors-during-pin-creation.md index a362e1f253..98dce6bbda 100644 --- a/windows/keep-secure/hello-errors-during-pin-creation.md +++ b/windows/keep-secure/hello-errors-during-pin-creation.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- @@ -89,7 +89,7 @@ If the error occurs again, check the error code against the following table to s 0x80090035 Policy requires TPM and the device does not have TPM. -Change the Passport policy to not require a TPM. +Change the Windows Hello for Business policy to not require a TPM. 0x801C0003 
@@ -149,7 +149,7 @@ If the error occurs again, check the error code against the following table to s 0x801C03EA Server failed to authorize user or device. -Check if the token is valid and user has permission to register Passport keys. +Check if the token is valid and user has permission to register Windows Hello for Business keys. 0x801C03EB diff --git a/windows/keep-secure/hello-event-300.md b/windows/keep-secure/hello-event-300.md index ea19c3f794..a59c57e6be 100644 --- a/windows/keep-secure/hello-event-300.md +++ b/windows/keep-secure/hello-event-300.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- diff --git a/windows/keep-secure/hello-how-it-works.md b/windows/keep-secure/hello-how-it-works.md index 089387f204..8a3c433fa4 100644 --- a/windows/keep-secure/hello-how-it-works.md +++ b/windows/keep-secure/hello-how-it-works.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- # How Windows Hello for Business works diff --git a/windows/keep-secure/hello-identity-verification.md b/windows/keep-secure/hello-identity-verification.md index a1e391508f..c13f490b56 100644 --- a/windows/keep-secure/hello-identity-verification.md +++ b/windows/keep-secure/hello-identity-verification.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- # Windows Hello for Business 
@@ -72,7 +72,7 @@ Imagine that someone is looking over your shoulder as you get money from an ATM Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs. -For customers using a hybrid Active Directory and Azure Active Directorye environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions. +For customers using a hybrid Active Directory and Azure Active Directory environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions. > [!NOTE] >  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants. 
@@ -113,9 +113,7 @@ Windows Hello for Business can use either keys (hardware or software) or certifi [Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891) -[Authenticating identities without passwords through Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=616778) - -[Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928) +[Authenticating identities without passwords through Windows Hello for Business](https://go.microsoft.com/fwlink/p/?LinkId=616778) ## Related topics diff --git a/windows/keep-secure/hello-manage-in-organization.md b/windows/keep-secure/hello-manage-in-organization.md index f2a43b7df1..beca5f89e3 100644 --- a/windows/keep-secure/hello-manage-in-organization.md +++ b/windows/keep-secure/hello-manage-in-organization.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- @@ -352,7 +352,7 @@ You’ll need this software to set Windows Hello for Business policies in your e
  • Azure AD subscription
  • [Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)
  • AD CS with NDES
  • -
  • Configuration Manager for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work
  • +
  • Configuration Manager for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Windows Hello for Business
  • diff --git a/windows/keep-secure/hello-prepare-people-to-use.md b/windows/keep-secure/hello-prepare-people-to-use.md index e1c079e7ab..41c323ada1 100644 --- a/windows/keep-secure/hello-prepare-people-to-use.md +++ b/windows/keep-secure/hello-prepare-people-to-use.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- diff --git a/windows/keep-secure/hello-why-pin-is-better-than-password.md b/windows/keep-secure/hello-why-pin-is-better-than-password.md index a7606f0264..e79b6e5348 100644 --- a/windows/keep-secure/hello-why-pin-is-better-than-password.md +++ b/windows/keep-secure/hello-why-pin-is-better-than-password.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: DaniHalfin localizationpriority: high --- @@ -32,7 +32,7 @@ A password is transmitted to the server -- it can be intercepted in transmission When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server. >[!NOTE] ->For details on how Hello uses asymetric key pairs for authentication, see [Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928). +>For details on how Hello uses asymetric key pairs for authentication, see [Windows Hello for Business](hello-identity-verification.md#benefits-of-windows-hello).   ## PIN is backed by hardware diff --git a/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index c3595ae774..cbe59766be 100644 --- a/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md 
+++ b/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -61,7 +61,7 @@ For VPN, the following types of credentials will be added to credential manager - TPM KSP Certificate - Software KSP Certificates - Smart Card Certificate - - Passport for Work Certificate + - Windows Hello for Business Certificate The username should also include a domain that can be reached over the connection (VPN or WiFi). diff --git a/windows/keep-secure/images/alert-details.png b/windows/keep-secure/images/alert-details.png index e2f5a387b0..ad520f97ee 100644 Binary files a/windows/keep-secure/images/alert-details.png and b/windows/keep-secure/images/alert-details.png differ diff --git a/windows/keep-secure/images/alerts-q-bulk.png b/windows/keep-secure/images/alerts-q-bulk.png new file mode 100644 index 0000000000..9aad1b64aa Binary files /dev/null and b/windows/keep-secure/images/alerts-q-bulk.png differ diff --git a/windows/keep-secure/images/alerts-queue-numbered.png b/windows/keep-secure/images/alerts-queue-numbered.png new file mode 100644 index 0000000000..39c6a467aa Binary files /dev/null and b/windows/keep-secure/images/alerts-queue-numbered.png differ diff --git a/windows/keep-secure/images/atp-action-center-with-info.png b/windows/keep-secure/images/atp-action-center-with-info.png new file mode 100644 index 0000000000..ff3c828a38 Binary files /dev/null and b/windows/keep-secure/images/atp-action-center-with-info.png differ diff --git a/windows/keep-secure/images/atp-actor-report.png b/windows/keep-secure/images/atp-actor-report.png new file mode 100644 index 0000000000..c7c4d60928 Binary files /dev/null and b/windows/keep-secure/images/atp-actor-report.png differ 
diff --git a/windows/keep-secure/images/atp-add-intune-policy.png b/windows/keep-secure/images/atp-add-intune-policy.png index 61a47e9f37..e8c914746a 100644 Binary files a/windows/keep-secure/images/atp-add-intune-policy.png and b/windows/keep-secure/images/atp-add-intune-policy.png differ diff --git a/windows/keep-secure/images/atp-alert-process-tree.png b/windows/keep-secure/images/atp-alert-process-tree.png new file mode 100644 index 0000000000..06daaa6ea7 Binary files /dev/null and b/windows/keep-secure/images/atp-alert-process-tree.png differ diff --git a/windows/keep-secure/images/atp-alert-status.png b/windows/keep-secure/images/atp-alert-status.png new file mode 100644 index 0000000000..b2380e0236 Binary files /dev/null and b/windows/keep-secure/images/atp-alert-status.png differ diff --git a/windows/keep-secure/images/atp-alert-timeline.png b/windows/keep-secure/images/atp-alert-timeline.png new file mode 100644 index 0000000000..467c7a321e Binary files /dev/null and b/windows/keep-secure/images/atp-alert-timeline.png differ diff --git a/windows/keep-secure/images/atp-alerts-group.png b/windows/keep-secure/images/atp-alerts-group.png new file mode 100644 index 0000000000..e3bf3d41f0 Binary files /dev/null and b/windows/keep-secure/images/atp-alerts-group.png differ diff --git a/windows/keep-secure/images/atp-alerts-q.png b/windows/keep-secure/images/atp-alerts-q.png new file mode 100644 index 0000000000..1131ead044 Binary files /dev/null and b/windows/keep-secure/images/atp-alerts-q.png differ diff --git a/windows/keep-secure/images/atp-alerts-related-to-file.png b/windows/keep-secure/images/atp-alerts-related-to-file.png new file mode 100644 index 0000000000..ecfb56f1a8 Binary files /dev/null and b/windows/keep-secure/images/atp-alerts-related-to-file.png differ 
diff --git a/windows/keep-secure/images/atp-blockfile.png b/windows/keep-secure/images/atp-blockfile.png new file mode 100644 index 0000000000..9b446a53cc Binary files /dev/null and b/windows/keep-secure/images/atp-blockfile.png differ diff --git a/windows/keep-secure/images/atp-custom-ti-mapping.png b/windows/keep-secure/images/atp-custom-ti-mapping.png new file mode 100644 index 0000000000..251c387646 Binary files /dev/null and b/windows/keep-secure/images/atp-custom-ti-mapping.png differ diff --git a/windows/keep-secure/images/atp-export-machine-timeline-events.png b/windows/keep-secure/images/atp-export-machine-timeline-events.png new file mode 100644 index 0000000000..99f214b11e Binary files /dev/null and b/windows/keep-secure/images/atp-export-machine-timeline-events.png differ diff --git a/windows/keep-secure/images/atp-file-action.png b/windows/keep-secure/images/atp-file-action.png new file mode 100644 index 0000000000..106329f89e Binary files /dev/null and b/windows/keep-secure/images/atp-file-action.png differ diff --git a/windows/keep-secure/images/atp-file-in-org.png b/windows/keep-secure/images/atp-file-in-org.png new file mode 100644 index 0000000000..12f980de0a Binary files /dev/null and b/windows/keep-secure/images/atp-file-in-org.png differ diff --git a/windows/keep-secure/images/atp-file-information.png b/windows/keep-secure/images/atp-file-information.png new file mode 100644 index 0000000000..ea5619c545 Binary files /dev/null and b/windows/keep-secure/images/atp-file-information.png differ diff --git a/windows/keep-secure/images/atp-incident-graph.png b/windows/keep-secure/images/atp-incident-graph.png new file mode 100644 index 0000000000..2968bc4cbb Binary files /dev/null and b/windows/keep-secure/images/atp-incident-graph.png differ 
diff --git a/windows/keep-secure/images/atp-investigation-package-action-center.png b/windows/keep-secure/images/atp-investigation-package-action-center.png new file mode 100644 index 0000000000..1f9129f05e Binary files /dev/null and b/windows/keep-secure/images/atp-investigation-package-action-center.png differ diff --git a/windows/keep-secure/images/atp-isolate-machine.png b/windows/keep-secure/images/atp-isolate-machine.png new file mode 100644 index 0000000000..4905b60304 Binary files /dev/null and b/windows/keep-secure/images/atp-isolate-machine.png differ diff --git a/windows/keep-secure/images/atp-machine-details-view.png b/windows/keep-secure/images/atp-machine-details-view.png new file mode 100644 index 0000000000..e91eb539fa Binary files /dev/null and b/windows/keep-secure/images/atp-machine-details-view.png differ diff --git a/windows/keep-secure/images/atp-machine-details-view.png.pdf b/windows/keep-secure/images/atp-machine-details-view.png.pdf new file mode 100644 index 0000000000..6f018827bb Binary files /dev/null and b/windows/keep-secure/images/atp-machine-details-view.png.pdf differ diff --git a/windows/keep-secure/images/atp-machine-health-details.png b/windows/keep-secure/images/atp-machine-health-details.png new file mode 100644 index 0000000000..63431efa68 Binary files /dev/null and b/windows/keep-secure/images/atp-machine-health-details.png differ diff --git a/windows/keep-secure/images/atp-machine-health.png b/windows/keep-secure/images/atp-machine-health.png new file mode 100644 index 0000000000..ded3475bea Binary files /dev/null and b/windows/keep-secure/images/atp-machine-health.png differ diff --git a/windows/keep-secure/images/atp-machine-investigation-package.png b/windows/keep-secure/images/atp-machine-investigation-package.png new file mode 100644 index 0000000000..2c32d9780d Binary files /dev/null and b/windows/keep-secure/images/atp-machine-investigation-package.png differ 
diff --git a/windows/keep-secure/images/atp-machine-isolation.png b/windows/keep-secure/images/atp-machine-isolation.png new file mode 100644 index 0000000000..10b778ae73 Binary files /dev/null and b/windows/keep-secure/images/atp-machine-isolation.png differ diff --git a/windows/keep-secure/images/atp-machine-timeline-details-panel.png b/windows/keep-secure/images/atp-machine-timeline-details-panel.png new file mode 100644 index 0000000000..fbb2de4176 Binary files /dev/null and b/windows/keep-secure/images/atp-machine-timeline-details-panel.png differ diff --git a/windows/keep-secure/images/atp-machine-timeline.png b/windows/keep-secure/images/atp-machine-timeline.png new file mode 100644 index 0000000000..9ad30bceec Binary files /dev/null and b/windows/keep-secure/images/atp-machine-timeline.png differ diff --git a/windows/keep-secure/images/atp-machines-at-risk.png b/windows/keep-secure/images/atp-machines-at-risk.png new file mode 100644 index 0000000000..e733606c0c Binary files /dev/null and b/windows/keep-secure/images/atp-machines-at-risk.png differ diff --git a/windows/keep-secure/images/atp-machines-view-list.png b/windows/keep-secure/images/atp-machines-view-list.png new file mode 100644 index 0000000000..ac38039f3a Binary files /dev/null and b/windows/keep-secure/images/atp-machines-view-list.png differ diff --git a/windows/keep-secure/images/atp-main-portal.png b/windows/keep-secure/images/atp-main-portal.png new file mode 100644 index 0000000000..2aa75b7dca Binary files /dev/null and b/windows/keep-secure/images/atp-main-portal.png differ diff --git a/windows/keep-secure/images/atp-mdm-onboarding-package.png b/windows/keep-secure/images/atp-mdm-onboarding-package.png index 23b9c49490..6be87715e9 100644 Binary files a/windows/keep-secure/images/atp-mdm-onboarding-package.png and b/windows/keep-secure/images/atp-mdm-onboarding-package.png differ 
diff --git a/windows/keep-secure/images/atp-no-network-connection.png b/windows/keep-secure/images/atp-no-network-connection.png new file mode 100644 index 0000000000..ac6eb4b4f8 Binary files /dev/null and b/windows/keep-secure/images/atp-no-network-connection.png differ diff --git a/windows/keep-secure/images/atp-notification-file.png b/windows/keep-secure/images/atp-notification-file.png new file mode 100644 index 0000000000..703719d8a3 Binary files /dev/null and b/windows/keep-secure/images/atp-notification-file.png differ diff --git a/windows/keep-secure/images/atp-notification-isolate.png b/windows/keep-secure/images/atp-notification-isolate.png new file mode 100644 index 0000000000..e81dd276a4 Binary files /dev/null and b/windows/keep-secure/images/atp-notification-isolate.png differ diff --git a/windows/keep-secure/images/atp-observed-in-organization.png b/windows/keep-secure/images/atp-observed-in-organization.png new file mode 100644 index 0000000000..508822a2ad Binary files /dev/null and b/windows/keep-secure/images/atp-observed-in-organization.png differ diff --git a/windows/keep-secure/images/atp-observed-machines.png b/windows/keep-secure/images/atp-observed-machines.png new file mode 100644 index 0000000000..845b97a82a Binary files /dev/null and b/windows/keep-secure/images/atp-observed-machines.png differ diff --git a/windows/keep-secure/images/atp-preferences-setup.png b/windows/keep-secure/images/atp-preferences-setup.png new file mode 100644 index 0000000000..bf67591f66 Binary files /dev/null and b/windows/keep-secure/images/atp-preferences-setup.png differ diff --git a/windows/keep-secure/images/atp-remove-blocked-file.png b/windows/keep-secure/images/atp-remove-blocked-file.png new file mode 100644 index 0000000000..deed34e291 Binary files /dev/null and b/windows/keep-secure/images/atp-remove-blocked-file.png differ 
diff --git a/windows/keep-secure/images/atp-sensor-filter.png b/windows/keep-secure/images/atp-sensor-filter.png new file mode 100644 index 0000000000..76267fb27f Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-filter.png differ diff --git a/windows/keep-secure/images/atp-sensor-health-filter-resized.png b/windows/keep-secure/images/atp-sensor-health-filter-resized.png new file mode 100644 index 0000000000..0c0f7d0eec Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-health-filter-resized.png differ diff --git a/windows/keep-secure/images/atp-sensor-health-filter-tile.png b/windows/keep-secure/images/atp-sensor-health-filter-tile.png new file mode 100644 index 0000000000..8e2da99e51 Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-health-filter-tile.png differ diff --git a/windows/keep-secure/images/atp-sensor-health-filter.png b/windows/keep-secure/images/atp-sensor-health-filter.png new file mode 100644 index 0000000000..b82d66a85a Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-health-filter.png differ diff --git a/windows/keep-secure/images/atp-sensor-health-nonav.png b/windows/keep-secure/images/atp-sensor-health-nonav.png new file mode 100644 index 0000000000..922f8c681b Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-health-nonav.png differ diff --git a/windows/keep-secure/images/atp-sensor-health-tile.png b/windows/keep-secure/images/atp-sensor-health-tile.png new file mode 100644 index 0000000000..067d26d957 Binary files /dev/null and b/windows/keep-secure/images/atp-sensor-health-tile.png differ diff --git a/windows/keep-secure/images/atp-stop-quarantine-file.png b/windows/keep-secure/images/atp-stop-quarantine-file.png new file mode 100644 index 0000000000..cb58fad705 Binary files /dev/null and b/windows/keep-secure/images/atp-stop-quarantine-file.png differ 
diff --git a/windows/keep-secure/images/atp-stopnquarantine-file.png b/windows/keep-secure/images/atp-stopnquarantine-file.png new file mode 100644 index 0000000000..a66341935b Binary files /dev/null and b/windows/keep-secure/images/atp-stopnquarantine-file.png differ diff --git a/windows/keep-secure/images/atp-suppression-rules.png b/windows/keep-secure/images/atp-suppression-rules.png new file mode 100644 index 0000000000..4ee5270fd0 Binary files /dev/null and b/windows/keep-secure/images/atp-suppression-rules.png differ diff --git a/windows/keep-secure/images/atp-thunderbolt-icon.png b/windows/keep-secure/images/atp-thunderbolt-icon.png new file mode 100644 index 0000000000..d2c31bfab3 Binary files /dev/null and b/windows/keep-secure/images/atp-thunderbolt-icon.png differ diff --git a/windows/keep-secure/images/atp-tile-sensor-health.png b/windows/keep-secure/images/atp-tile-sensor-health.png new file mode 100644 index 0000000000..3aa0b451bc Binary files /dev/null and b/windows/keep-secure/images/atp-tile-sensor-health.png differ diff --git a/windows/keep-secure/images/atp-undo-isolation.png b/windows/keep-secure/images/atp-undo-isolation.png new file mode 100644 index 0000000000..ea42abd060 Binary files /dev/null and b/windows/keep-secure/images/atp-undo-isolation.png differ diff --git a/windows/keep-secure/images/atp-user-details-pane.png b/windows/keep-secure/images/atp-user-details-pane.png new file mode 100644 index 0000000000..200437ab22 Binary files /dev/null and b/windows/keep-secure/images/atp-user-details-pane.png differ diff --git a/windows/keep-secure/images/atp-user-details-view.png b/windows/keep-secure/images/atp-user-details-view.png new file mode 100644 index 0000000000..b0732653d6 Binary files /dev/null and b/windows/keep-secure/images/atp-user-details-view.png differ 
diff --git a/windows/keep-secure/images/atp-users-at-risk.png b/windows/keep-secure/images/atp-users-at-risk.png new file mode 100644 index 0000000000..4e86dbb2f5 Binary files /dev/null and b/windows/keep-secure/images/atp-users-at-risk.png differ diff --git a/windows/keep-secure/images/device-guard-gp.png b/windows/keep-secure/images/device-guard-gp.png index 169d2f245b..6d265509ea 100644 Binary files a/windows/keep-secure/images/device-guard-gp.png and b/windows/keep-secure/images/device-guard-gp.png differ diff --git a/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png b/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png index ddc2158a8a..34c1565f67 100644 Binary files a/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png and b/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png differ diff --git a/windows/keep-secure/images/machines-active-threats-tile.png b/windows/keep-secure/images/machines-active-threats-tile.png index 9f347dcf68..9825e05317 100644 Binary files a/windows/keep-secure/images/machines-active-threats-tile.png and b/windows/keep-secure/images/machines-active-threats-tile.png differ diff --git a/windows/keep-secure/images/machines-reporting-tile.png b/windows/keep-secure/images/machines-reporting-tile.png index 96989bd0cf..9825e05317 100644 Binary files a/windows/keep-secure/images/machines-reporting-tile.png and b/windows/keep-secure/images/machines-reporting-tile.png differ diff --git a/windows/keep-secure/images/rules-legend.png b/windows/keep-secure/images/rules-legend.png index a044d20621..dea7d1dc70 100644 Binary files a/windows/keep-secure/images/rules-legend.png and b/windows/keep-secure/images/rules-legend.png differ diff --git a/windows/keep-secure/images/status-tile.png b/windows/keep-secure/images/status-tile.png index 2ab17ccff1..78812e3248 100644 Binary files a/windows/keep-secure/images/status-tile.png and b/windows/keep-secure/images/status-tile.png differ 
diff --git a/windows/keep-secure/images/submit-file.png b/windows/keep-secure/images/submit-file.png index 63c350c9a9..9240eccabf 100644 Binary files a/windows/keep-secure/images/submit-file.png and b/windows/keep-secure/images/submit-file.png differ diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index ef95089b35..58805fa39c 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md 
@@ -21,68 +21,66 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization. +You can click an alert in any of the [alert queues](alerts-queue-windows-defender-advanced-threat-protection.md) to begin an investigation. Selecting an alert brings up the **Alert management pane**, while clicking an alert brings you the alert details view where general information about the alert, some recommended actions, an alert process tree, an incident graph, and an alert timeline is shown. -There are three alert severity levels, described in the following table. +You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**. -Alert severity | Description -:---|:--- -High (Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints. -Medium (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. -Low (Yellow) | Threats associated with prevalent malware and hack-tools that do not appear to indicate an advanced threat targeting the organization. - -Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints. 
- -Alerts are organized in three queues, by their workflow status: - -- **New** -- **In progress** -- **Resolved** - -To begin investigating, click on an alert in [any of the alert queues](alerts-queue-windows-defender-advanced-threat-protection.md). - -Details displayed about the alert include: -- When the alert was last observed -- Alert description -- Recommended actions -- The incident graph -- The indicators that triggered the alert - -Alerts attributed to an adversary or actor display a colored tile with the actor name. - -Click on the actor's name to see a threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, tools, tactics, and processes (TTPs) as well as areas where it's active worldwide. You will also see a set of recommended actions to take. - -Some actor profiles include a link to download a more comprehensive threat intelligence report. +Alerts attributed to an adversary or actor display a colored tile with the actor's name. ![A detailed view of an alert when clicked](images/alert-details.png) +Click on the actor's name to see the threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, their tools, tactics, and processes (TTPs) and areas where they've been observed worldwide. You will also see a set of recommended actions to take. + +Some actor profiles include a link to download a more comprehensive threat intelligence report. + +![Image of detailed actor profile](images/atp-actor-report.png) + +The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading. 
+ +## Alert process tree +The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence and other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page. + +![Image of the alert process tree](images/atp-alert-process-tree.png) + +The **Alert process tree** expands to display the execution path of the alert, its evidence, and related events that occurred in the minutes - before and after - the alert. + +The alert and related events or evidence have circles with thunderbolt icons inside them. + +>[!NOTE] +>The alert process tree might not be available in some alerts. + +Clicking in the circle immediately to the left of the indicator displays the **Alert details** pane where you can take a deeper look at the details about the alert. It displays rich information about the selected process, file, IP address, and other details taken from the entity's page – while remaining on the alert page, so you never leave the current context of your investigation. + + + ## Incident graph -The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines. +The **Incident Graph** provides a visual representation of the organizational footprint of the alert and its evidence: where the evidence that triggered the alert was observed on other machines. It provides a graphical mapping from the original machine and evidence expanding to show other machines in the organization where the triggering evidence was also observed. -You can click the circles on the incident graph to expand the nodes and view the associated events or files related to the alert. 
+![Image of the Incident graph](images/atp-incident-graph.png) -## Alert spotlight -The alert spotlight feature helps ease investigations by highlighting alerts related to a specific machine and events. You can highlight an alert and its related events in the machine timeline to increase your focus during an investigation. +The **Incident Graph** previously supported expansion by File and Process, and now supports expansion by additional criteria: known processes and Destination IP Address. -You can click on the machine link from the alert view to see the alerts related to the machine. +The Windows Defender ATP service keeps track of "known processes". Alerts related to known processes mostly include specific command lines, that combined are the basis for the alert. The **Incident Graph** supports expanding known processes with their command line to display other machines where the known process and the same command line were observed. +The **Incident Graph** expansion by destination IP Address, shows the organizational footprint of communications with this IP Address without having to change context by navigating to the IP Address page. - > [!NOTE] - > This shortcut is not available from the Incident graph machine links. +You can click the full circles on the incident graph to expand the nodes and view the expansion to other machines where the matching criteria were observed. -Alerts related to the machine are displayed under the **Alerts related to this machine** section. -Clicking on an alert row takes you the to the date in which the alert was flagged on **Machine timeline**. This eliminates the need to manually filter and drag the machine timeline marker to when the alert was seen on that machine. +## Alert timeline +The **Alert timeline** feature provides an addition view of the evidence that triggered the alert on the machine, and shows the date and time the evidence triggering the alert was observed, as well as the first time it was observed on the machine. 
This can help in understanding if the evidence was first observed at the time of the alert, or whether it was observed on the machine earlier - without triggering an alert. -You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine. Right-click on any alert from either section and select **Mark related events**. This highlights alerts and events that are related and helps differentiate between the other alerts listed in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviours**, or **Verbose**. +![Image of alert timeline](images/atp-alert-timeline.png) -You can also remove the highlight by right-clicking a highlighted alert and selecting **Unmark related events**. +Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization. 
- -### Related topics +## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md index 4e52c15a2e..d0e04eabe5 100644 --- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md 
+++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md @@ -45,9 +45,12 @@ The **Communication with URL in organization** section provides a chronological ## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) 
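Review bot: In investigate-alerts-windows-defender-advanced-threat-protection.md (hunk @@ -21,68 +21,66), the added text expands TTPs two different ways, "tools, tactics, and processes (TTPs)" in the actor paragraph and "techniques, tools, and procedures (TTPs)" in the paragraph after the actor-report image; pick one expansion (the usual one is tactics, techniques, and procedures) and use it in both places. That second paragraph also largely repeats the actor-profile paragraph above it and could be merged into it. Smaller fixes in the same hunk: "provides an addition view" in the Alert timeline section should read "an additional view", "brings you the alert details view" in the opening paragraph is missing "to", and the Related topics link text `Alerts queue ](` has a stray space before the closing bracket. The hunk also drops the alert severity table and the New / In progress / Resolved queue list; if those now live in the alerts queue topic, say so in the commit description so this page is not left without a definition of severity.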
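Review bot: In investigate-domain-windows-defender-advanced-threat-protection.md (hunk @@ -45,9 +45,12), the replaced Related topics entry for the Alerts queue differs from the removed line only by a space added inside the link text, `Alerts queue ](`; drop the space and leave that entry unchanged so the hunk contains only the three new links and the reordered Machines view entry. The same stray space appears in the Related topics list of the investigate-alerts file, which suggests it was copied across files and should be fixed in each.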
diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index 5d547bd269..e45a3d17d3 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md 
@@ -24,119 +24,41 @@ Investigate the details of a file associated with a specific alert, behavior, or You can get information from the following sections in the file view: -- File details -- Deep analysis -- File in organization -- Observed in organization +- File details, Malware detection, Prevalence worldwide +- Deep analysis +- Alerts related to this file +- File in organization +- Most recent observed machines with file -The file details section shows attributes of the file such as its MD5 hash or number and its prevalence worldwide. -The **Deep analysis** section provides the option of submitting a file for deep analysis to gain detailed visibility on observed suspicious behaviors, and associated artifacts. For more information on submitting files for deep analysis, see the **Deep analysis** topic. +The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md). -The **File in organization** section provides details on the prevalence of the file and the name observed in the organization. +You'll also see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis). -The **Observed in organization** section provides a chronological view on the events and associated alerts that were observed on the file. +![Image of file information](images/atp-file-information.png) -You'll see a list of machines associated with the file and a description of the action taken by the file. +The **Alerts related to this file** section provides a list of alerts that are associated with the file. 
This list is a simplified version of the Alerts queue, and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. -**Investigate a file** +![Image of alerts related to the file section](images/atp-alerts-related-to-file.png) -1. Select the file you want to investigate. You can select a file from any of the following views or use the Search box: - - Alerts - click the file links from the **Description** or **Details** in the Alert timeline - - Machines view - click the file links in the **Description** or **Details** columns in the **Observed on machine** section - - Search box - select **File** from the drop-down menu and enter the file name -2. View the file details. -3. Use the search filters to define the search criteria. You can also use the timeline search box to further filter displayed search results. +The **File in organization** section provides details on the prevalence of the file, prevalence in email inboxes and the name observed in the organization. -##Deep analysis -Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis. +![Image of file in organization](images/atp-file-in-org.png) -The deep analysis feature executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file's activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IPs. -Deep analysis currently supports extensive analysis of PE (portable executable) files (including _.exe_ and _.dll_ files). 
+The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file. -Deep analysis of a file takes several minutes. When the file analysis is complete, results are made available in the File view page, under a new **Deep analysis summary** section. The summary includes a list of observed *behaviors*, some of which can indicate malicious activity, and *observables*, including contacted IPs and files created on the disk. +![Image of most recent observed machine with the file](images/atp-observed-machines.png) -Results of deep analysis are matched against threat intelligence and any matches will generate appropriate alerts. +This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching. -## Submit files for analysis - -Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view. - -In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis. - -> [!NOTE] -> Only files from Windows 10 can be automatically collected. 
- -You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. - -> [!NOTE] -> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. - -When the sample is collected, Windows Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications. - -**Submit files for deep analysis:** - -1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views: - - Alerts - click the file links from the **Description** or **Details** in the Alert timeline - - **Machines View** - click the file links from the **Description** or **Details** in the **Machine in organization** section - - Search box - select **File** from the drop-down menu and enter the file name -2. In the **Deep analysis** section of the file view, click **Submit**. - -![You can only submit PE files in the file details seciton](images/submit-file.png) - ->**Note**  Only portable executable (PE) files are supported, including _.exe_ and _.dll_ files - -A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done. - -> [!NOTE] -> Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file. 
- -## View deep analysis report - -View the deep analysis report that Windows Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context. - -You can view the comprehensive report that provides details on: - -- Observed behaviors -- Associated artifacts - -The details provided can help you investigate if there are indications of a potential attack. - -**View deep analysis reports:** - -1. Select the file you submitted for deep analysis. -2. Click **See the report below**. Information on the analysis is displayed. - -![The deep analysis report shows detailed information across a number of categories](images/analysis-results.png) - -## Troubleshooting deep analysis - -If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps. - -**Troubleshoot deep analysis:** - -1. Ensure the file is a PE. PE files typically have _.exe_ or _.dll_ extensions (executable programs or applications). -2. Ensure the service has access to the file, that it still exists, and has not been corrupted or modified. -3. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error. -4. Verify the policy setting enables sample collection and try to submit the file again. - - a. Change the following registry entry and values to change the policy on specific endpoints: - ``` -HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection - Value = 0 - block sample collection - Value = 1 - allow sample collection -``` -5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md). -6. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). 
- -> [!NOTE] -> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. - -### Related topics +## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md index 381ee7be12..1b792ae89e 100644 
--- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Investigate Windows Defender Advanced Threat Protection IP address +title: Investigate an IP address associated with an alert description: Use the investigation options to examine possible communication between machines and external IP addresses. keywords: investigate, investigation, IP address, alert, windows defender atp, external IP search.product: eADQiWindows 10XVcnh @@ -24,7 +24,7 @@ Examine possible communication between your machines and external internet proto Identifying all machines in the organization that communicated with a suspected or known malicious IP address, such as Command and Control (C2) servers, helps determine the potential scope of breach, associated files, and infected machines. -You can information from the following sections in the IP address view: +You can find information from the following sections in the IP address view: - IP address details - IP in organization 
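Review bot: In investigate-files-windows-defender-advanced-threat-protection.md (hunk `@@ -24,119 +24,41 @@`), the removed "Troubleshooting deep analysis" steps were the only place this page documented the sample-collection policy under `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` (0 blocks, 1 allows, and collection is allowed by default when *AllowSampleCollection* is absent). The replacement is a single link to `respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis`, so please confirm that the target topic carries the registry values, the PE-only restriction and the 3-hour collection timeout before this lands, because that default controls whether samples are collected from endpoints. Two smaller points in the same hunk: the section list says "Most recent observed machines with file" while the body says "**Most recent observed machines with the file**", and the added text mixes curly and straight apostrophes ("You’ll" next to "You'll").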
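Review bot: The new front-matter title in investigate-ip-windows-defender-advanced-threat-protection.md (hunk `@@ -1,5 +1,5 @@`), "Investigate an IP address associated with an alert", no longer matches the link text that the Related topics lists in this patch use for the page, "Investigate an IP address associated with a Windows Defender ATP alert". Suggest keeping the product name in the title so that search results and cross-links agree.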
@@ -53,9 +53,12 @@ Clicking any of the machine names will take you to that machine's view, where yo ## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index bc3e8df73d..640b0a524c 100644 
--- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md 
@@ -21,62 +21,7 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting sensor data in your network. - -Use the Machines view in these two main scenarios: - -- **During onboarding** - - During the onboarding process, the Machines view gradually gets populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they appear. Use the available features to sort and filer to see which endpoints have most recently reported sensor data, or download the complete endpoint list as a CSV file for offline analysis. -- **Day-to-day work** - - The **Machines view** enables you to identify machines that are most at risk in a glance. High-risk machines are those with the greatest number and highest-severity alerts. By sorting the machines by risk, you'll be able to identify the most vulnerable machines and take action on them. 
- -The Machines view contains the following columns: - -- **Machine name** - the name or GUID of the machine -- **Domain** - the domain the machine belongs to -- **Last seen** - when the machine last reported sensor data -- **Internal IP** - the local internal Internet Protocol (IP) address of the machine -- **Active Alerts** - the number of alerts reported by the machine by severity -- **Active malware detections** - the number of active malware detections reported by the machine - -> [!NOTE] -> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. - -Click any column header to sort the view in ascending or descending order. - -![Screenshot of the Machines view on the portal](images/machines-view.png) - -You can sort the **Machines view** by **Machine name**, **Last seen**, **IP**, **Active Alerts**, and **Active malware detections**. Scroll down the **Machines view** to see additional machines. - -The view contains two filters: time and threat category. - -You can filter the view by the following time periods: - -- 1 day -- 3 days -- 7 days -- 30 days -- 6 months - -> [!NOTE] -> When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported sensor data within the last 24-hour period. - -The threat category filter lets you filter the view by the following categories: - -- Password stealer -- Ransomware -- Exploit -- Threat -- Low severity - -For more information on the description of each category see, [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#machines-with-active-malware-detections). - -You can also download a full list of all the machines in your organization, in CSV format. 
Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. - - **Note**: Exporting the list depends on the number of machines in your organization. It can take a significant amount of time to download, depending on how large your organization is. -Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself. - -## Investigate a machine +## Investigate machines Investigate the details of an alert raised on a specific machine to identify other behaviors or events that might be related to the alert or the potential scope of breach. You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas: 
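Review bot: Renaming `## Investigate a machine` to `## Investigate machines` at the end of this hunk changes the generated heading anchor, so any inbound link to the old anchor will stop resolving; please check for references. The paragraph under the heading also still speaks of "a specific machine", so the plural heading and singular body no longer agree. The removed block carried two caveats: the **Active alerts** and **Active malware detections** columns appear only when Windows Defender is the default real-time protection antimalware product, and the CSV export includes all machines regardless of the filters applied in the view. Make sure both survive in machines-view-overview-windows-defender-advanced-threat-protection.md, since an analyst comparing a filtered view with an export needs to know they differ.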
@@ -89,70 +34,90 @@ You can click on affected machines whenever you see them in the portal to open a - Any IP address or domain details view When you investigate a specific machine, you'll see: +- Machine details, Logged on user, and Machine Reporting +- Alerts related to this machine +- Machine timeline -- **Machine details**, **Machine IP Addresses**, and **Machine Reporting** -- **Alerts related to this machine** -- **Machine timeline** +![Image of machine details page](images/atp-machine-details-view.png) -The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. +The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). -The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue. +You'll also see other information such as domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. 
+ +Clicking on the number of total logged on users in the Logged on user tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: + +- Interactive and remote interactive logins +- Network, batch, and system logins + +![Image of user details pane](images/atp-user-details-pane.png) + +You'll also see details such as logon types for each user account, the user group, and when the account was logged in. + + For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). + +The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. + +You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights alerts and related events and helps distinguish from other alerts and events appearing in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**. The **Machine timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. -You'll see an aggregated view of alerts, a short description of the alert, details on the action taken, and which user ran the action. 
This helps you see significant activities or behaviors that occurred on a machine within your network in relation to a specific time frame. Several icons are used to identify various detections and their current state. For more information, see [Windows Defender ATP icons](portal-overview-windows-defender-advanced-threat-protection.md#windows-defender-atp-icons). +This feature also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period. -This feature also enables you to selectively drill down into a behavior or event that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period. +![Image of machine timeline with events](images/atp-machine-timeline.png) -You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-spotlight) feature to see the correlation between alerts and events on a specific machine. +Windows Defender ATP monitors and captures questionable behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine. -![The timeline shows an interactive history of the alerts seen on a machine](images/timeline.png) +### Search for specific alerts +Use the search bar to look for specific alerts or files associated with the machine: -Use the search bar to look for specific alerts or files associated with the machine. +- **Value** – Type in any search keyword to filter the timeline with the attribute you’re searching for. 
+- **Informational level** – Click the drop-down button to filter by the following levels: + - **Detections mode**: displays Windows ATP Alerts and detections + - **Behaviors mode**: displays "detections" and selected events of interest + - **Verbose mode**: displays "behaviors" (including "detections"), and all reported events +- **User** – Click the drop-down button to filter the machine timeline by the following user associated events: + - Logon users + - System + - Network + - Local service -You can also filter by: - -- Detections mode: displays Windows ATP Alerts and detections -- Behaviors mode: displays "detections" and selected events of interest -- Verbose mode: displays "behaviors" (including "detections"), and all reported events -- Logged on users, System, Network, or Local service +### Filter events from a specific date Use the time-based slider to filter events from a specific date. By default, the machine timeline is set to display the events of the current day. Using the slider updates the listed alerts to the date that you select. Displayed events are filtered from that date and older. The slider is helpful when you're investigating a particular alert on a machine. You can navigate from the **Alerts view** and click on the machine associated with the alert to jump to the specific date when the alert was observed, enabling you to investigate the events that took place around the alert. -From the **Machine view**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line. +### Export machine timeline events +You can also export detailed event data from the machine timeline to conduct offline analysis. You can choose to export the machine timeline for the current date or specify a date range. You can export up to seven days of data and specify the specific time between the two dates. 
+ +![Image of export machine timeline events](images/atp-export-machine-timeline-events.png) + +### Navigate between pages +Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**. + +From the **Machines view**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line. From the list of events that are displayed in the timeline, you can examine the behaviors or events in to help identify indicators of interests such as files and IP addresses to help determine the scope of a breach. You can then use the information to respond to events and keep your system secure. -Windows Defender ATP monitors and captures questionable behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine. - -![The process tree shows you a hierarchical history of processes and events on the machine](images/machine-investigation.png) - -**Investigate a machine:** - -1. Select the machine that you want to investigate. You can select or search a machine from any of the following views: - - **Dashboard** - click the machine name from the **Top machines with active alerts** section - - **Alerts queue** - click the machine name beside the machine icon - - **Machines view** - click the heading of the machine name - - **Search box** - select **Machine** from the drop-down menu and enter the machine name -2. Information about the specific machine is displayed. 
+![Image of machine timeline details pane](images/atp-machine-timeline-details-panel.png) -**Use the machine timeline** +You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alert-timeline) feature to see the correlation between alerts and events on a specific machine. -1. Use the sort and filter feature to narrow down the search results. -2. Use the timeline search box to filter specific indicators that appear in the machine timeline. -3. Click the expand icon ![The expand icon looks like a plus symbol](images/expand.png) in the timeline row or click anywhere on the row to see additional information about the alert, behavior, or event. +Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigating further into the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address. +This enhances the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. 
-### Related topics +## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-user-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-user-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..276cb49632 --- /dev/null +++ b/windows/keep-secure/investigate-user-windows-defender-advanced-threat-protection.md 
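Review bot: In investigate-machines-windows-defender-advanced-threat-protection.md (hunk `@@ -89,70 +34,90 @@`), the relocated sentence keeps the link text "Alerts spotlight" but now points at `#alert-timeline`; align the link text with the target section or restore the old anchor. In the paragraph added after it, "to investigating further into the identified processes" should read "to investigate further", and the filter list says "Windows ATP Alerts" where the rest of the page says Windows Defender ATP. In the export section, "specify the specific time between the two dates" is unclear about whether the seven-day limit applies to the range or to retention; one sentence stating which would help. The hunk also drops the numbered "Investigate a machine" and "Use the machine timeline" procedures without a replacement, so confirm that is intended.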
@@ -0,0 +1,75 @@ +--- +title: Investigate user account in Windows Defender Advanced Threat Protection +description: Investigate a user account in Windows Defender Advanced Threat Protection for potential compromised credentials or pivot on the associated user account during an investigation. +keywords: investigate, account, user, user entity, alert, windows defender atp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- +# Investigate a user account in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +## Investigate user account entities +Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or machine to identify possible lateral movement between machines with that user account. + +You can find user account information in the following views: +- Dashboard +- Alert queue +- Machine details page + +A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown. + +When you investigate a user account entity, you'll see: +- User account details and Logged on machines +- Alerts related to this user +- Observed in organization (machines logged on to) + +![Image of the user account entity details page](images/atp-user-details-view.png) + +The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. 
You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine. + +The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert. + +The **Observed in organization** section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines. + +The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health. + +![Image of observed in organization section](images/atp-observed-in-organization.png) + +## Search for specific user accounts + +1. Select **User** from the **Search bar** drop-down menu. +2. Enter the user account in the **Search** field. +3. Click the search icon or press **Enter**. + +A list of users matching the query text is displayed. You'll see the user account's domain and name, when the user account was last seen, and the total number of machines it was observed logged on to in the last 30 days. 
+ +You can filter the results by the following time periods: +- 1 day +- 3 days +- 7 days +- 30 days +- 6 months + +## Related topics +- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) +- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) +- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) +- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..76dd0c900d --- /dev/null +++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md 
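Review bot: The new investigate-user-windows-defender-advanced-threat-protection.md names the same view two ways: "Alert queue" in the views list and in the **Alerts related to this user** paragraph, but "Alerts queue" in its own Related topics list and in the other topics this patch touches. Pick one. The sentence "A clickable user account link is available in these views, that will take you to the user account details page" needs rewording, for example "These views include a user account link that opens the user account details page". The lists after "You can find user account information in the following views:" and "When you investigate a user account entity, you'll see:" have no blank line before the first item, which some Markdown renderers need in order to start a list. The Related topics entry "Alerts queue ](alerts-queue-...)" has a stray space inside the link text.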
@@ -0,0 +1,97 @@ +--- +title: View and organize the Windows Defender ATP machines view +description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations. +keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# View and organize the Windows Defender ATP Machines view + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +The **Machines view** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network. + +Use the Machines view in these main scenarios: + +- **During onboarding**
    + During the onboarding process, the **Machines view** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis. +- **Day-to-day work** + The **Machines view** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them. + +## Sort, filter, and download the list of machines from the Machines view +You can sort the **Machines view** by clicking on any column header to sort the view in ascending or descending order. + +Filter the **Machines view** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria. + +You can also download the entire list in CSV format using the **Export to CSV** feature. + +![Image of machines view with list of machines](images/atp-machines-view-list.png) + +You can use the following filters to limit the list of machines displayed during an investigation: + +**Time period**
    +- 1 day +- 3 days +- 7 days +- 30 days +- 6 months + +**Malware category**
    +Filter the list to view specific machines grouped together by the following malware categories: + - **Ransomware** – Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee. + - **Credential theft** – Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers. + These tools collect credentials and other information from browser records, key presses, email and instant messages, voice and video conversations, and screenshots. They are used in cyberattacks to establish control and steal information. + - **Exploit** – Exploits take advantage of unsecure code in operating system components and applications. Exploits allow attackers to run arbitrary code, elevate privileges, and perform other actions that increase their ability to compromise a targeted machine. Exploits are found in both commodity malware and malware used in targeted attacks. + - **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks. + - **Unwanted software** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. 
Many of these applications display advertising, modify browser settings, and install bundled software. + +**Sensor health state**
    +Filter the list to view specific machines grouped together by the following machine health states: + +- **Active** – Machines that are actively reporting sensor data to the service. +- **Misconfigured** – Machines that have impaired communication with service or are unable to send sensor data. For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). +- **Inactive** – Machines that have completely stopped sending signals for more than 7 days. + +## Export machine list to CSV +You can download a full list of all the machines in your organization, in CSV format. Click the **Manage** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. + +**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is. +Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself. 
+ +## Sort the Machines view +You can sort the **Machines view** by the following columns: + +- **Machine name** - Name or GUID of the machine +- **Last seen** - Date and time when the machine last reported sensor data +- **Internal IP** - Local internal Internet Protocol (IP) address of the machine +- **Health State** – Indicates if the machine is misconfigured or is not sending sensor data +- **Active Alerts** - Number of alerts reported by the machine by severity +- **Active malware detections** - Number of active malware detections reported by the machine + +> [!NOTE] +> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](windows-defender-in-windows-10.md) as the active real-time protection antimalware product. + + +## Related topics +- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) +- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) +- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) +- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) +- [Manage Windows Defender Advanced Threat Protection 
alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md index d707f81431..4f1523a324 100644 --- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md 
@@ -21,22 +21,13 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu. +Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu. -For more information on how to investigate alerts see, [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts). +You can manage alerts by selecting an alert in the **Alerts queue** or the **Alerts related to this machine** section of the machine details view. -Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the top of the alert to access the Manage Alert menu and manage alerts. +Selecting an alert in either of those places brings up the **Alert management pane**. -![The manage alert menu lets you change the status of an alert, create suppression rules, or enter comments](images/manage-alert-menu.png) - -The **Manage alert** icon appears on the alert's heading in the **New**, **In Progress**, or **Resolved** queues, and on the details page for individual alerts. - -You can use the **Manage Alert** menu to: - -- Change the status of an alert -- Resolve an alert -- Suppress alerts so they won't show up in the **Alerts queue** from this point onwards -- View the history and comments of an alert +![Image of alert status](images/atp-alert-status.png) ## Change the status of an alert 
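Review bot: The pane name is styled inconsistently: the new paragraph after the **Alerts queue** sentence bolds the whole phrase as **Alert management pane**, while the suppression steps later in this file write the **Alert management** pane. Pick one form and use it throughout. The image alt text "Image of alert status" also does not describe the pane it illustrates. Removing the link to the investigate-alerts topic leaves this intro with no pointer to investigation guidance, so consider keeping that sentence.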
@@ -46,21 +37,18 @@ For example, a team leader can review all **New** alerts, and decide to assign t Alternatively, the team leader might assign the alert to the **Resolved** queue if they know the alert is benign, coming from a machine that is irrelevant (such as one belonging to a security administrator), or is being dealt with through an earlier alert. -**Change an alert's status:** +## Alert classification +You can specify if an alert is a true alert or a false alert. -1. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the heading of the alert. -2. Choose the new status for the alert (the current status is highlighted in bold and appears on the alert). +## Assign alerts +If an alert is no yet assigned, you can select **Assign to me** to assign the alert to yourself. -## Resolve an alert +## Add comments and view the history of an alert +You can add comments and view historical events about an alert to see previous changes made to the alert. -You can resolve an alert by changing the status of the alert to **Resolved**. This causes the **Resolve conclusion** window to appear, where you can indicate why the alert was resolved and enter any additional comments. - -![You can resolve an alert as valid, valid - allowed, or false alarm](images/resolve-alert.png) - -The comments and change of status are recorded in the Comments and history window. - -![The comments window will display a history of status changes](images/comments.png) +Whenever a change or comment is made to an alert, it is recorded in the **Comments and history** section. +Added comments instantly appear on the pane. ## Suppress alerts 
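Review bot: Typo in the new **Assign alerts** section: "If an alert is no yet assigned" should read "not yet assigned". The new **Alert classification** section only says that you can mark an alert as true or false and does not say where in the pane that is done. The removed **Resolve an alert** text explained the resolve conclusion and that the status change is recorded with comments, so a sentence covering where to classify and what gets recorded would keep that information.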
@@ -85,8 +73,9 @@ The context of the rule lets you tailor the queue to ensure that only alerts you **Suppress an alert and create a suppression rule:** -1. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the heading of an existing alert. -2. Choose the context for suppressing the alert. +1. Select the alert you'd like to suppress. This brings up the **Alert management** pane. +2. Scroll down to the **Supression rules** section. +3. Choose the context for suppressing the alert. > [!NOTE] > You cannot create a custom or blank suppression rule. You must start from an existing alert. @@ -96,12 +85,11 @@ The context of the rule lets you tailor the queue to ensure that only alerts you 1. Click the settings icon ![The settings icon looks like a cogwheel or gear](images/settings.png) on the main menu bar at the top of the Windows Defender ATP screen. 2. Click **Suppression rules**. - ![Click the settings icon and then Suppression rules to create and modify rules](images/suppression-rules.png) - -> [!NOTE] -> You can also click **See rules** in the confirmation window that appears when you suppress an alert. + ![Click the settings icon and then Suppression rules to create and modify rules](images/atp-suppression-rules.png) The list of suppression rules shows all the rules that users in your organization have created. +![Suppression rules show the rule name or title, the context, the date, and an icon to delete the rule](images/rules-legend.png) + Each rule shows: - (1) The title of the alert that is suppressed 
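Review bot: Step 2 of the suppression procedure (the @@ -85,8 +73,9 @@ hunk) misspells the UI label as "**Supression rules**". It should be "**Suppression rules**", matching the **Suppression rules** menu item named in the steps that follow. Readers searching the pane for the label as written will not find it.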
@@ -109,39 +97,15 @@ Each rule shows: - (3) The date when the alert was suppressed - (4) An option to delete the suppression rule, which will cause alerts with this title to be displayed in the queue from this point onwards. -![Suppression rules show the rule name or title, the context, the date, and an icon to delete the rule](images/rules-legend.png) -## View the history and comments of an alert -You can use the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to see a list of previous changes and comments made to the alert and to add new comments. You can also use the menu to open multiple alerts in different tabs so you can compare several alerts at the same time. - -Whenever a change or comment is made to an alert, it is recorded in the **Comments and history** window. - -**See the history of an alert and its comments:** - -1. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the heading of the alert. -2. Click **Comments and history** to view related comments and history on the alert. - -Comments are indicated by a message box icon (![The comments icon looks like a speech bubble](images/comments-icon.png)) and include the username of the commenter and the time the comment was made. - -**Add a new comment:** - -1. Type your comment into the field. -2. Click **Post Comment**. - -The comment will appear instantly. - -You will also be prompted to enter a comment if you change the status of an alert to **Resolved**. 
- -Changes are indicated by a clock icon (![The changes icon looks like an analog clock face](images/changes-icon.png)), and are automatically recorded when: - -- The alert is created -- The status of the alert is changed - -### Related topics +## Related topics - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) +- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) 
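Review bot: The rewritten Related topics entry for the Alerts queue gains a stray space before the closing bracket ("Alerts queue ](alerts-queue-..."). Drop it so the link text matches the line it replaces. The removed "View the history and comments of an alert" section also said that comments carry the commenter's username and time, and that changes are recorded automatically when the alert is created or its status changes. The new **Add comments and view the history of an alert** section does not carry that over, so confirm the omission is intended.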
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index 7125de6f76..b8c5694f12 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Minimum requirements for Windows Defender Advanced Threat Protection +title: Minimum requirements for Windows Defender ATP description: Minimum network and data storage configuration, endpoint hardware and software requirements, and deployment channel requirements for Windows Defender ATP. keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index 8c9f2086ff..ac785c854a 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md 
@@ -30,13 +30,12 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com ## Windows Defender ATP portal When you open the portal, you’ll see the main areas of the application: -- (1) Settings + + ![Windows Defender Advanced Threat Protection portal](images/atp-main-portal.png) + +- (1) Search, Feedback, Settings, Help and support - (2) Navigation pane - (3) Main portal -- (4) Search bar - - - ![Windows Defender Advanced Threat Protection portal](images/portal-image.png) > [!NOTE] > Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. @@ -45,15 +44,15 @@ You can navigate through the portal using the menu options available in all sect Area | Description :---|:--- -(1) Settings | Provides access to configuration settings such as time zone, alert suppression rules, and license information. -(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Enpoint Management**. +(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.
    **Feedback** -Access the feedback button to provide comments about the portal.
    **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information.
    **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support. +(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. **Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. -**Preferences setup**| Shows the settings you selected and lets you update your industry preferences and retention policy period. -**Enpoint Management**| Allows you to download the onboarding configuration package. +**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues. +**Preferences setup**| Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Endpoint Management**| Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. -(4) Search | Search for machines, files, external IP Addresses, or domains across endpoints. The drop-down combo box allows you to select the entity type. ## Windows Defender ATP icons The following table provides information on the icons used all throughout the portal: 
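Review bot: The added table rows contain spelling slips. The (2) Navigation pane row keeps "**Enpoint Management**" although the row further down is corrected to "**Endpoint Management**", the **Service health** row says "Window Defender ATP service", and "**Feedback** -Access" is missing the space after the hyphen. The label for area (1) also differs between the list in the previous hunk ("Search, Feedback, Settings, Help and support") and this table ("Search bar, Feedback, ..."); use one.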
@@ -65,7 +64,8 @@ Icon | Description ![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. ![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the machine ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the machine. +![Thunderbolt icon](images/atp-thunderbolt-icon.png) | Indicates events that triggered an alert in the **Alert process tree**. -### Related topic +## Related topic [Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5574319409 --- /dev/null +++ b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,79 @@ +--- +title: PowerShell code examples for the custom threat intelligence API +description: Use PowerShell code to create custom threat intelligence using REST API. +keywords: powershell, code examples, threat intelligence, custom threat intelligence, rest api, api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# PowerShell code examples for the custom threat intelligence API + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +This article provides PowerShell code examples for using the custom threat intelligence API. + +These code examples demonstrate the following tasks: +- [Obtain an Azure AD access token](#token) +- [Create headers](#headers) +- [Create calls to the custom threat intelligence API](#calls) +- [Create a new alert definition](#alert-definition) +- [Create a new indicator of compromise](#ioc) + + +## Step 1: Obtain an Azure AD access token +The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. 
+ +Replace the *tenantid*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal: + +[!code[CustomTIAPI](./code/example.ps1#L1-L14)] + + +## Step 2: Create headers used for the requests with the API +Use the following code to create the headers used for the requests with the API: + +[!code[CustomTIAPI](./code/example.ps1#L16-L19)] + + +## Step 3: Create calls to the custom threat intelligence API +After creating the headers, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: + +[!code[CustomTIAPI](./code/example.ps1#L21-L24)] + +The response is empty on initial use of the API. + + +## Step 4: Create a new alert definition +The following example demonstrates how you to create a new alert definition. + +[!code[CustomTIAPI](./code/example.ps1#L26-L39)] + + +## Step 5: Create a new indicator of compromise +You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. + +[!code[CustomTIAPI](./code/example.ps1#L43-L53)] + +## Complete code +You can use the complete code to create calls to the API. + +[!code[CustomTIAPI](./code/example.ps1#L1-L53)] + +## Related topics +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) 
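Review bot: Step 1 tells readers to put the *tenantid*, *clientid*, and *clientSecret* values directly into the script, but nothing says how to handle the filled-in file afterward. Add a sentence advising that it not be saved to shared locations or source control, since those three values are what the script uses to obtain the token. Smaller points: "from **Preferences settings** page" needs "the", Step 4 reads "demonstrates how you to create", and the include ranges for Steps 4 and 5 (L26-L39 and L43-L53) skip lines 40-42 of example.ps1, so check that nothing the reader needs is missing from the stepwise view.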
diff --git a/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..5d51de963a --- /dev/null +++ b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,32 @@ +--- +title: Configure Windows Defender Advanced Threat Protection preferences settings +description: Use the preferences setup to configure and update your preferences settings such as enabling advanced features, preview experience, email notifications, or custom threat intelligence. +keywords: preferences settings, settings, advanced features, preview experience, email notifications, custom threat intelligence +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- +# Configure Windows Defender ATP preferences settings + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Use the **Preferences setup** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. + +## In this section + +Topic | Description +:---|:--- +[Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process. +[Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products. +[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features. +[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications. 
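Review bot: The front-matter description and the intro sentence both list the custom threat intelligence feature, but the **In this section** table has no row for it. Add the row or drop the mention. The advanced features link targets "advanced-features-windows-defender-advacned-threat-protection.md" ("advacned"); confirm that this matches the actual file name, otherwise the link breaks. The intro list also mixes verbs and nouns ("modify general settings, advanced features, enable the preview experience, email notifications") and would read better with parallel items.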
diff --git a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..9304e0ab7e --- /dev/null +++ b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md @@ -0,0 +1,31 @@ +--- +title: Turn on the preview experience in Windows Defender Advanced Threat Protection +description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features. +keywords: advanced features, preferences setup, block file +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- +# Turn on the preview experience in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Turn on the preview experience setting to be among the first to try upcoming features. + +1. In the navigation pane, select **Preferences setup** > **Preview experience**. +2. Toggle the setting between **On** and **Off** and select **Save preferences**. + +## Related topics +- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..3a89c15e0b --- /dev/null 
+++ b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,53 @@ +--- +title: Windows Defender ATP preview features +description: Learn how to access Windows Defender Advanced Threat Protection preview features. +keywords: preview, preview experience, Windows Defender Advanced Threat Protection, features, updates +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Windows Defender ATP preview features + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. + +Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. + +You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. + +For more information, see [Turn on the preview experience](preview-settings-windows-defender-advanced-threat-protection.md). + +## Preview features +The following features are included in the preview release: + +- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. 
+ - [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) + - [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) + - [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) + +- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. + - [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) + - [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) + - [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) + +- [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. + - [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) + +- [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) - Create custom threat intelligence alerts using the threat intelligence API to generate alerts that are applicable to your organization. + +>[!NOTE] +> All response actions require machines to be on the latest Windows 10 Insider Preview build. diff --git a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..6e63d9f1b5 --- /dev/null 
+++ b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,81 @@ +--- +title: Python code examples for the custom threat intelligence API +description: Use Python code to create custom threat intelligence using REST API. +keywords: python, code examples, threat intelligence, custom threat intelligence, rest api, api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Python code examples for the custom threat intelligence API + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +## Before you begin +You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library. + +These code examples demonstrate the following tasks: +- [Obtain an Azure AD access token](#token) +- [Create request session object](#session-object) +- [Create calls to the custom threat intelligence API](#calls) +- [Create a new alert definition](#alert-definition) +- [Create a new indicator of compromise](#ioc) + + +## Step 1: Obtain an Azure AD access token +The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. 
+ +Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: + +[!code[CustomTIAPI](./code/example.py#L1-L17)] + + + +## Step 2: Create request session object +Add HTTP headers to the session object, including the Authorization header with the token that was obtained. + +[!code[CustomTIAPI](./code/example.py#L19-L23)] + + +## Step 3: Create calls to the custom threat intelligence API +After adding HTTP headers to the session object, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: + +[!code[CustomTIAPI](./code/example.py#L25-L26)] + +The response is empty on initial use of the API. + + +## Step 4: Create a new alert definition +The following example demonstrates how you to create a new alert definition. + +[!code[CustomTIAPI](./code/example.py#L28-L39)] + + +## Step 5: Create a new indicator of compromise +You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. + +[!code[CustomTIAPI](./code/example.py#L41-L51)] + +## Complete code +You can use the complete code to create calls to the API. + +[!code[CustomTIAPI](./code/example.py#L1-L53)] + +## Related topics +- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) 
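Review bot: In preview-settings-windows-defender-advanced-threat-protection.md, the second Related topics link targets `advanced-features-windows-defender-advacned-threat-protection.md`, where "advacned" looks like a misspelling of "advanced". Confirm the target file really carries that name, otherwise the link is broken on publish. The front-matter line `keywords: advanced features, preferences setup, block file` also appears to belong to a different topic; keywords such as "preview, preview experience" (as used in the sibling preview topic) would match what this page covers.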
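Review bot: In preview-windows-defender-advanced-threat-protection.md, the "Fix unhealthy sensors" link points to `fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md`; "unhealhty" has transposed letters, so check it against the actual file name before merge. The closing note says all response actions require "the latest Windows 10 Insider Preview build", while the respond-file-alerts topic added in this same patch says the actions are "only available for machines on Windows 10, version 1703". Use one wording in both places so admins know which build the isolation and quarantine actions need.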
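Review bot: Step 1 of python-example-code-windows-defender-advanced-threat-protection.md tells readers to replace tenant_id, client_id, and client_secret in the script but gives no guidance on handling the secret. Add a sentence advising that the edited script not be committed or shared with the secret in it, for example by reading the value from an environment variable. That same sentence names the "Preferences settings" page, whereas the preview-settings topic in this patch calls the pane "Preferences setup"; use the portal's actual label. Smaller points: "demonstrates how you to create" in Step 4 has a stray "you", and the requests install and documentation links use http:// where https:// is preferable for install instructions.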
diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md index fad266b5ee..0bba05e0b7 100644 --- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md 
@@ -39,22 +39,22 @@ You can deploy Device Guard in phases, and plan these phases in relation to the > [!WARNING] > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). -The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017. +The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. -> **Notes** -> - To understand the requirements in the following tables, you will need to be familiar with the main features in Device Guard: configurable code integrity policies, virtualization-based security (VBS), and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). -> - For new computers running Windows 10, Trusted Platform Module (TPM 2.0) must be enabled by default. This requirement is not restated in the tables that follow. +> **Notes**
    +> • To understand the requirements in the following tables, you will need to be familiar with the main features in Device Guard: configurable code integrity policies, virtualization-based security (VBS), and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
    +> • Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. ## Device Guard requirements for baseline protections |Baseline Protections - requirement | Description | |---------------------------------------------|----------------------------------------------------| | Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
    plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
    One of the following virtualization extensions:
    - VT-x (Intel) or
    - AMD-V
    And:
    - Extended page tables, also called Second Level Address Translation (SLAT).

    **Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | +| Hardware: **CPU virtualization extensions**,
    plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
    One of the following virtualization extensions:
    • VT-x (Intel) or
    • AMD-V
    And:
    • Extended page tables, also called Second Level Address Translation (SLAT).

    **Security benefits**: VBS provides isolation of the secure kernel from the normal operating system. Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

    **Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

    **Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | | Software: **HVCI compatible drivers** | **Requirements**: See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).

    **Security benefits**: [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

    Important:
    Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


    **Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

    Important:
    Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


    **Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. | > **Important**  The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Device Guard can provide. @@ -62,32 +62,34 @@ The following tables provide more information about the hardware, firmware, and The following tables describes additional hardware and firmware requirements, and the improved security that is available when those requirements are met. -### 2015 Additional Qualification Requirements for Device Guard (starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4) +### Additional Qualification Requirements starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4 | Protections for Improved Security - requirement | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    - BIOS password or stronger authentication must be supported.
    - In the BIOS configuration, BIOS authentication must be set.
    - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
    - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

    **Security benefits**:
    - BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
    - Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    • BIOS password or stronger authentication must be supported.
    • In the BIOS configuration, BIOS authentication must be set.
    • There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
    • In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

    **Security benefits**:
    • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
    • Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. |
    -### 2016 Additional Qualification Requirements for Device Guard (starting with Windows 10, version 1607, and Windows Server 2016) +### Additional Qualification Requirements starting with Windows 10, version 1607, and Windows Server 2016 > **Important**  The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Device Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them. | Protections for Improved Security - requirement | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
    Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
    - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

    **Security benefits**:
    - Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    - HSTI provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
    Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
    • The Hardware Security Test Interface (HSTI) 1.1.a must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332.aspx).

    **Security benefits**:
    • Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    • HSTI 1.1.a provides additional security assurance for correctly secured silicon and platform. | | Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

    **Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
    - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

    **Security benefits**:
    - Enterprises can choose to allow proprietary EFI drivers/applications to run.
    - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
    • Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
    • Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

    **Security benefits**:
    • Enterprises can choose to allow proprietary EFI drivers/applications to run.
    • Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
    -### 2017 Additional Qualification Requirements for Device Guard (announced as options for future Windows operating systems for 2017) +### Additional Qualification Requirements starting with Windows 10, version 1703 -| Protections for Improved Security - requirement | Description | +The following table lists requirements for Windows 10, version 1703, which are in addition to all preceding requirements. + +| Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **UEFI NX Protections** | **Requirements**:
    - All UEFI memory that is marked executable must be read only. Memory marked writable must not be executable.

    UEFI Runtime Services:
    - Must implement the UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. The entire UEFI runtime must be described by this table.
    - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both.
    - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory MUST be either readable and executable OR writeable and non-executable.

    **Security benefits**:
    - Protects against potential vulnerabilities in UEFI runtime in functions such as Update Capsule, Set Variables, and so on, so they can't compromise VBS.
    - Reduces attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

    **Security benefits**:
    - Protects against potential vulnerabilities in UEFI runtime in functions such as Update Capsule, Set Variables, and so on, so they can't compromise VBS.
    - Reduces attack surface to VBS from system firmware.
    - Blocks additional security attacks against SMM. | +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
    • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
    • UEFI runtime service must meet these requirements:
        • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
        • PE sections need to be page-aligned in memory (not required for in non-volitile storage).
        • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
            • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
            • No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

    Notes:
    • This only applies to UEFI runtime service memory, and not UEFI boot service memory.
    • This protection is applied by VBS on OS page tables.


    Please also note the following:
    • Do not use sections that are both writeable and exceutable
    • Do not attempt to directly modify executable system memory
    • Do not use dynamic code

    **Security benefits**:
    • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

    **Security benefits**:
    • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware.
    • Blocks additional security attacks against SMM. | ## Device Guard deployment in different scenarios: types of devices @@ -95,9 +97,9 @@ Typically, deployment of Device Guard happens best in phases, rather than being | **Type of device** | **How Device Guard relates to this type of device** | **Device Guard components that you can use to protect this kind of device** | |------------------------------------|------------------------------------------------------|--------------------------------------------------------------------------------| -| **Fixed-workload devices**: Perform same tasks every day.
    Lists of approved applications rarely change.
    Examples: kiosks, point-of-sale systems, call center computers. | Device Guard can be deployed fully, and deployment and ongoing administration are relatively straightforward.
    After Device Guard deployment, only approved applications can run. This is because of protections offered by the Hypervisor Code Integrity (HVCI) service. | - VBS (hardware-based) protections, enabled.

    - Code integrity policies in enforced mode, with UMCI enabled. | -| **Fully managed devices**: Allowed software is restricted by IT department.
    Users can request additional software, or install from a list of applications provided by IT department.
    Examples: locked-down, company-owned desktops and laptops. | An initial baseline code integrity policy can be established and enforced. Whenever the IT department approves additional applications, it will update the code integrity policy and (for unsigned LOB applications) the catalog.
    Code integrity policies are supported by the HVCI service. | - VBS (hardware-based) protections, enabled.

    - Code integrity policies in enforced mode, with UMCI enabled. | -| **Lightly managed devices**: Company-owned, but users are free to install software.
    Devices are required to run organization's antivirus solution and client management tools. | Device Guard can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | - VBS (hardware-based) protections, enabled. When enabled with a code integrity policy in audit mode only, VBS means the hypervisor helps enforce the default kernel-mode code integrity policy, which protects against unsigned drivers or system files.

    - Code integrity policies, with UMCI enabled, but running in audit mode only. This means applications are not blocked—the policy just logs an event whenever an application outside the policy is started. | +| **Fixed-workload devices**: Perform same tasks every day.
    Lists of approved applications rarely change.
    Examples: kiosks, point-of-sale systems, call center computers. | Device Guard can be deployed fully, and deployment and ongoing administration are relatively straightforward.
    After Device Guard deployment, only approved applications can run. This is because of protections offered by the Hypervisor Code Integrity (HVCI) service. | - VBS (hardware-based) protections, enabled.

    • Code integrity policies in enforced mode, with UMCI enabled. | +| **Fully managed devices**: Allowed software is restricted by IT department.
    Users can request additional software, or install from a list of applications provided by IT department.
    Examples: locked-down, company-owned desktops and laptops. | An initial baseline code integrity policy can be established and enforced. Whenever the IT department approves additional applications, it will update the code integrity policy and (for unsigned LOB applications) the catalog.
    Code integrity policies are supported by the HVCI service. | - VBS (hardware-based) protections, enabled.

    • Code integrity policies in enforced mode, with UMCI enabled. | +| **Lightly managed devices**: Company-owned, but users are free to install software.
    Devices are required to run organization's antivirus solution and client management tools. | Device Guard can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | - VBS (hardware-based) protections, enabled. When enabled with a code integrity policy in audit mode only, VBS means the hypervisor helps enforce the default kernel-mode code integrity policy, which protects against unsigned drivers or system files.

    • Code integrity policies, with UMCI enabled, but running in audit mode only. This means applications are not blocked—the policy just logs an event whenever an application outside the policy is started. | | **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | Device Guard does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. | N/A | ## Device Guard deployment in virtual machines diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0d15caf8a1 --- /dev/null +++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md 
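Review bot: In the @@ -39,22 +39,22 @@ hunk of requirements-and-deployment-planning-guidelines-for-device-guard.md, the re-added Notes line still expands UEFI as "Universal Extensible Firmware Interface"; the name is Unified Extensible Firmware Interface, and since the line is being rewritten anyway it should be corrected here. The reworded VBS benefit, "Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation", overstates the protection: such flaws can still be exploited in the normal OS, and the isolation is what keeps them from reaching the secure kernel. The new TPM bullet also drops "This requirement is not restated in the tables that follow", so readers may now look for a TPM row that the tables do not have.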
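Review bot: The new UEFI NX row in the @@ -62,32 +62,34 @@ hunk misspells "executable" as "exceutable" three times and "non-volatile" as "non-volitile", and "(not required for in non-volitile storage)" has a stray "for". These are firmware requirements that OEMs will read closely, so fix them before merge. In the SMM row, the first security benefit now reads "Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS", which is two sentences spliced together; keep either the old "Protects against ..., so they can't compromise VBS" form or the NX row's "Vulnerabilities in UEFI runtime, if any, will be blocked ..." form. The Requirements cell of that row still only describes what the WSMT specification contains, without stating what the firmware must implement.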
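Review bot: In the @@ -95,9 +97,9 @@ hunk, each changed row converts only the second list item to "•" and leaves the first as "- VBS (hardware-based) protections, enabled.", so the third column now mixes two bullet styles inside one table cell. Convert both items in each of the three rows, or leave both as they were, so the cells render consistently.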
@@ -0,0 +1,231 @@ +--- +title: Take response actions on a file in Windows Defender Advanced Threat Protection +description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details. +keywords: respond, stop and quarantine, block file, deep analysis +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Take response actions on a file + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre–released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. + +>[!NOTE] +> These response actions are only available for machines on Windows 10, version 1703. + +You can also submit files for deep analysis to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. + +## Stop and quarantine files in your network +You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed. + +The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys. + +The action takes effect on machines with the latest Windows 10 Insider Preview build where the file was observed in the last 30 days. + +### Stop and quarantine files +1. Select the file you want to stop and quarantine. 
You can select a file from any of the following views or use the Search box: + + – **Alerts** - click the corresponding links from the Description or Details in the Alert timeline + – **Search box** - select File from the drop–down menu and enter the file name + +2. Open the **Actions menu** and select **Stop & Quarantine File**. + ![Image of stop and quarantine file action](images/atp-stop-quarantine-file.png) + +3. Type a comment (optional), and select **Yes** to take action on the file. The comment will be saved in the Action center for reference. + + The Action center shows the submission information: + ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png) + + – **Submission time** - Shows when the action was submitted. + – **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. + – **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network. + – **Success** - Shows the number of machines where the file has been stopped and quarantined. + – **Failed** - Shows the number of machines where the action failed and details about the failure. + +4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed. + +**Notification on machine user**:
    +When the file is being removed from an endpoint, the following notification is shown: + +![Image of notification on machine user](images/atp-notification-file.png) + +In the machine timeline, a new event is added for each machine where a file was stopped and quarantined. + +>[!NOTE] +>The **Action** button is turned off for files signed by Microsoft as well as trusted third–party publishers to prevent the removal of critical system files and files used by important applications. + +![Image of action button turned off](images/atp-file-action.png) + +For prevalent files in the organization, a warning is shown before an action is implemented to validate that the operation is intended. + +### Remove file from quarantine +You can roll back and remove a file from quarantine if you’ve determined that it’s clean after an investigation. Run the following command on each machine where the file was quarantined. + +1. Open an elevated command–line prompt on the endpoint: + + a. Go to **Start** and type cmd. + + b. Right–click **Command prompt** and select **Run as administrator**. + +2. Enter the following command, and press **Enter**: + ``` + “%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All + ``` + >[!NOTE] + >Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days. + +## Block files in your network +You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization. + +>[!NOTE] +>This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](configure-windows-defender-in-windows-10.md).

    +This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build. + +### Enable the block file feature +1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**. + +2. Toggle the setting between **On** and **Off** and select **Save preferences**. + + ![Image of preferences setup](images/atp-preferences-setup.png) + +3. Type a comment (optional) and select **Yes** to take action on the file. +The Action center shows the submission information: + + ![Image of block file](images/atp-blockfile.png) + + – **Submission time** - Shows when the action was submitted. + – **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. + – **Status** - Indicates whether the file was added to or removed from the blacklist. + +When the file is blocked, there will be a new event in the machine timeline.
    + +**Notification on machine user**:
    +When a file is being blocked on the endpoint, the following notification is displayed to inform the user that the file was blocked: + +![Image of notification on machine user](images/atp-notification-file.png) + +>[!NOTE] +>The **Action** button is turned off for files signed by Microsoft to prevent negative impact on machines in your organization caused by the removal of files that might be related to the operating system. + +![Image of action button turned off](images/atp-file-action.png) + +For prevalent files in the organization, a warning is shown before an action is implemented to validate that the operation is intended. + +### Remove file from blocked list +1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box: + + – **Alerts** - Click the file links from the Description or Details in the Alert timeline + – **Machines view** - Click the file links in the Description or Details columns in the Observed on machine section + – **Search box** - Select File from the drop–down menu and enter the file name + +2. Open the **Actions** menu and select **Remove file from blocked list**. + + ![Image of remove file from blocked list](images/atp-remove-blocked-file.png) + +3. Type a comment and select **Yes** to take action on the file. The file will be allowed to run in the organization. + + +## Check activity details in Action center +The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the details on the last action that were taken on a file such as stopped and quarantined files or blocked files. + +![Image of action center with information](images/atp-action-center-with-info.png) + +## Deep analysis +Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. 
Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis. + +The deep analysis feature executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file's activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IPs. +Deep analysis currently supports extensive analysis of portable executable (PE) files (including _.exe_ and _.dll_ files). + +Deep analysis of a file takes several minutes. When the file analysis is complete, results are made available in the File view page, under a new **Deep analysis summary** section. The summary includes a list of observed *behaviors*, some of which can indicate malicious activity, and *observables*, including contacted IPs and files created on the disk. + +Results of deep analysis are matched against threat intelligence and any matches will generate appropriate alerts. + +### Submit files for analysis + +Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view. + +In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis. + +> [!NOTE] +> Only files from Windows 10 can be automatically collected. + +You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available. 
+ +> [!NOTE] +> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP. + +When the sample is collected, Windows Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications. + +**Submit files for deep analysis:** + +1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views: + – Alerts - click the file links from the **Description** or **Details** in the Alert timeline + – **Machines View** - click the file links from the **Description** or **Details** in the **Machine in organization** section + – Search box - select **File** from the drop–down menu and enter the file name +2. In the **Deep analysis** section of the file view, click **Submit**. + +![You can only submit PE files in the file details section](images/submit-file.png) + +>**Note**  Only PE files are supported, including _.exe_ and _.dll_ files + +A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done. + +> [!NOTE] +> Depending on machine availability, sample collection time can vary. There is a 3–hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re–submit files for deep analysis to get fresh data on the file. + +### View deep analysis reports + +View the deep analysis report that Windows Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context. 
+ +You can view the comprehensive report that provides details on: + +– Observed behaviors +– Associated artifacts + +The details provided can help you investigate if there are indications of a potential attack. + + +1. Select the file you submitted for deep analysis. +2. Click **See the report below**. Information on the analysis is displayed. + +![The deep analysis report shows detailed information across a number of categories](images/analysis-results.png) + +### Troubleshooting deep analysis + +If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps. + + +1. Ensure that the file in question is a PE file. PE files typically have _.exe_ or _.dll_ extensions (executable programs or applications). +2. Ensure the service has access to the file, that it still exists, and has not been corrupted or modified. +3. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error. +4. Verify the policy setting enables sample collection and try to submit the file again. + + a. Change the following registry entry and values to change the policy on specific endpoints: + ``` +HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection + Value = 0 – block sample collection + Value = 1 – allow sample collection +``` +5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md). +6. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). + +> [!NOTE] +> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. + +## Related topics +– [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) 
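Review bot: In the new respond-file topic, the command under "Remove file from quarantine" is written with typographic quotes and en dashes (`“%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All`), so it will not run when pasted into an elevated command prompt: cmd.exe does not treat curly quotes as quoting characters, and the switches need an ASCII hyphen. Suggest `"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name EUS:Win32/CustomEnterpriseBlock -All`. The note directly below the command says Windows Defender ATP "will remove all files that were quarantined on this machine in the last 30 days", which reads as deletion in a section about rolling back a quarantine; "restore" looks like the intended word. The same en dash is used as the bullet marker throughout this file (for example `– **Alerts**`), while the other topics added in this change use `-`, so those lists will likely not render as lists. In Troubleshooting step 4a, the registry block gives the key path and the meanings of 0 and 1 but never names the value; *AllowSampleCollection* appears only in the closing note and should be stated in the block itself.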
diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..7262eeac48 --- /dev/null +++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,131 @@ +--- +title: Take response actions on a machine in Windows Defender Advanced Threat Protection +description: Take response actions on a machine by isolating machines, collecting an investigation package, and checking activity details. +keywords: respond, isolate, isolate machine, collect investigation package, action center +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Take response actions on a machine + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. + +>[!NOTE] +> These response actions are only available for machines on Windows 10, version 1703. + +## Isolate machines from the network +Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement. + +This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine. + +>[!NOTE] +>You’ll be able to reconnect the machine back to the network at any time. + +1. Select the machine that you want to isolate. 
You can select or search for a machine from any of the following views: + + - **Dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines view** - Select the machine name from the list of machines. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. + +2. Open the **Actions** menu and select **Isolate machine**. + + ![Image of isolate machine](images/atp-isolate-machine.png) + +3. Type a comment (optional) and select **Yes** to take action on the machine. + >[!NOTE] + >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. + + The Action center shows the submission information: + ![Image of machine isolation](images/atp-machine-isolation.png) + + - **Submission time** - Shows when the isolation action was submitted. + - **Submitting user** - Shows who submitted the action on the machine. You can view the comments provided by the user by selecting the information icon. + - **Status** - Indicates any pending actions or the results of completed actions. + +When the isolation configuration is applied, there will be a new event in the machine timeline. + +**Notification on machine user**:
    +When a machine is being isolated, the following notification is displayed to inform the user that the machine is being isolated from the network: + +![Image of no network connection](images/atp-notification-isolate.png) + +## Undo machine isolation +Depending on the severity of the attack and the state of the machine you can choose to release the machine isolation after you have verified that the compromised machine has been remediated. + +1. Select a machine that was previously isolated. + +2. Open the **Actions** menu and select **Undo machine isolation**. + + ![Image of undo isolation](images/atp-undo-isolation.png) + +3. Type a comment (optional) and select **Yes** to take action on the file. The machine will be reconnected to the network. + +## Collect investigation package from machines +As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker. + +You can download the package (Zip file) and investigate the events that occurred on a machine. + +The package contains the following folders: + +Folder | Description +:---|:--- +Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine.

    NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” +Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). +Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

    - ActiveNetworkConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

    - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

    ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

    - Dnscache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

    - Ipconfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. +Prefetch files | Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list.

    - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.

    - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. +Processes | Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. +Scheduled tasks | Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. +Security event log | Contains the security event log which contains records of login or logout activity, or other security-related events specified by the system's audit policy.

    NOTE: Open the event log file using Event viewer. +Services | Contains the services.txt file which lists services and their states. +Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement.

    Contains files for SMBInboundSessions and SMBOutboundSession.

    NOTE: If the file contains the following message: “ERROR: The system was unable to find the specified registry key or value.”, it means that there were no SMB sessions of this type (inbound or outbound). +Temp Directories | Contains a set of text files that lists the files located in %Temp% for every user in the system.

    This can help to track suspicious files that an attacker may have dropped on the system.

    NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system. +Users and Groups | Provides a list of files that each represent a group and its members. +CollectionSummaryReport.xls | This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. + +1. Select the machine that you want to investigate. You can select or search for a machine from any of the following views: + + - **Dashboard** - Select the machine name from the Top machines with active alerts section. + - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. + - **Machines view** - Select the heading of the machine name from the machines view. + - **Search box** - Select Machine from the drop-down menu and enter the machine name. + +2. Open the **Actions** menu and select **Collect investigation package**. + + The Action center shows the submission information: + ![Image of investigation package in action center](images/atp-investigation-package-action-center.png) + + - **Submission time** - Shows when the action was submitted. + - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon. + - **Status** - Indicates if the package was successfully collected from the network. When the collection is complete, you can download the package. + +3. Select **Package available** to download the package.
    + When the package is available a new event will be added to the machine timeline.
    + You can download the package from the machine page, or the Action center. + + ![Image of investigation package from machine view](images/atp-machine-investigation-package.png) + + You can also search for historical packages in the machine timeline. + +## Check activity details in Action center +The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view if a machine was isolated and if an investigation package is available from a machine. All related details are also shown, for example, submission time, submitting user, and if the action succeeded or failed. + +![Image of action center with information](images/atp-action-center-with-info.png) + +## Related topics +- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md b/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..3fdf40354f --- /dev/null +++ b/windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,47 @@ +--- +title: Take response actions on files and machines in Windows Defender Advanced Threat Protection +description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package. +keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Take response actions in Windows Defender ATP + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization. + +>[!NOTE] +> These response actions are only available for machines on Windows 10, version 1703. + +## In this section +Topic | Description +:---|:--- +[Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package. +[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network. 
+ +## Related topics +- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) +- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) +- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) +- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) +- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md index a5df900c1d..caaafb618e 100644 --- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md 
@@ -50,8 +50,8 @@ Setting the time zone also changes the times for all Windows Defender ATP views. To set the time zone: 1. Click the **Settings** menu ![Settings icon](images/settings.png). -2. Select the **Timezone:UTC** indicator. -3. The time zone indicator changes to **Timezone:Local**. Click it again to change back to **Timezone:UTC**. +2. Select the **Timezone UTC** indicator. +3. Select **Timezone Local** or **-8:00**. ## Suppression rules The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. For more information see, [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts). diff --git a/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..be6cfe9d8e --- /dev/null +++ b/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,55 @@ +--- +title: Understand threat intelligence concepts in Windows Defender ATP +description: Understand the concepts around threat intelligence in Windows Defender Advanced Threat Protection so that you can effectively create custom intelligence for your organization. +keywords: threat intelligence, alert definitions, indicators of compromise, ioc +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Understand threat intelligence concepts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Advanced cybersecurity attacks comprise of multiple complex malicious events, attributes, and contextual information. Identifying and deciding which of these activities qualify as suspicious can be a challenging task. Your knowledge of known attributes and abnormal activities specific to your industry is fundamental in knowing when to call an observed behavior as suspicious. + +With Windows Defender ATP, you can create custom threat alerts that can help you keep track of possible attack activities in your organization. You can flag suspicious events to piece together clues and possibly stop an attack chain. These custom threat alerts will only appear in your organization and will flag events that you set it to track. + +Before creating custom threat alerts, it's important to know the concepts behind alert definitions and indicators of compromise (IOCs) and the relationship between them. 
+ +## Alert definitions +Alert definitions are contextual attributes that can be used collectively to identify early clues on a possible cybersecurity attack. These indicators are typically a combination of activities, characteristics, and actions taken by an attacker to successfully achieve the objective of an attack. Monitoring these combinations of attributes is critical in gaining a vantage point against attacks and possibly interfering with the chain of events before an attacker's objective is reached. + +## Indicators of compromise (IOC) +IOCs are individually-known malicious events that indicate that a network or machine has already been breached. Unlike alert definitions, these indicators are considered as evidence of a breach. They are often seen after an attack has already been carried out and the objective has been reached, such as exfiltration. Keeping track of IOCs is also important during forensic investigations. Although it might not provide the ability to intervene with an attack chain, gathering these indicators can be useful in creating better defenses for possible future attacks. + +## Relationship between alert definitions and IOCs +In the context of Windows Defender ATP, alert definitions are containers for IOCs and defines the alert, including the metadata that is raised in case of a specific IOC match. Various metadata is provided as part of the alert definitions. Metadata such as alert definition name of attack, severity, and description is provided along with other options. For more information on available metadata options, see [Threat Intelligence API metadata](custom-ti-api-windows-defender-advanced-threat-protection.md#threat-intelligence-api-metadata). + +Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Windows Defender ATP console. 
+ +Here is an example of an IOC: + - Type: Sha1 + - Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56 + - Action: Equals + +IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it. + +## Related topics +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..d63bd1bf4c --- /dev/null +++ b/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md 
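Review bot: In threat-indicator-concepts-windows-defender-advanced-threat-protection.md, the first paragraph under "Relationship between alert definitions and IOCs" is hard to parse. "alert definitions are containers for IOCs and defines the alert" has a subject-verb mismatch (should be "define"), and "Metadata such as alert definition name of attack, severity, and description" reads as if a comma or a word is missing, so the reader cannot tell which metadata fields are meant. Please reword that sentence so each field is named separately. In the intro, "comprise of" should be "comprise" or "consist of". The "Alert definitions" section also calls alert definitions "these indicators" while the next section contrasts them with indicators of compromise; using one term per concept would make the stated many-to-one relationship easier to follow.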
@@ -0,0 +1,54 @@ +--- +title: Troubleshoot custom threat intelligence issues in Windows Defender ATP +description: Troubleshoot issues that might arise when using the custom threat intelligence feature in Windows Defender ATP. +keywords: troubleshoot, custom threat intelligence, custom ti, rest api, api, alert definitions, indicators of compromise +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Troubleshoot custom threat intelligence issues + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +You might need to troubleshoot issues while using the custom threat intelligence feature. + +This page provides detailed steps to troubleshoot issues you might encounter while using the feature. + + +## Learn how to get a new client secret +If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application, you'll need to get a new secret. + +1. Login to the [Azure management portal](https://ms.portal.azure.com). + +2. Select **Active Directory**. + +3. Select your tenant. + +4. Click **Application**, then select your custom threat intelligence application. + +5. Select **Keys** section, then provide a key description and specify the key validity duration. + +6. Click **Save**. The key value is displayed. + +7. Copy the value and save it in a safe place. 
+ + +## Related topics +- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md index 4cb0a35b53..088a82e8d9 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md 
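Review bot: In troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md, the "Learn how to get a new client secret" steps stop at copying the new key value and never say what happens to the old key. The intro names the case where the copy was misplaced; in that case the earlier key remains usable until its validity period ends, so the procedure should add a step to delete it in the **Keys** section and a reminder to update whatever calls the API with the new secret. Wording: step 1 "Login to" should be "Sign in to", and step 5 reads better as "Select the **Keys** section". The Related topics link texts ("Understand threat intelligence", "Create custom threat intelligence") also differ from the titles used for the same files elsewhere in this patch ("Understand threat intelligence concepts", "Create custom threat intelligence alerts").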
@@ -26,40 +26,15 @@ This section addresses issues that might arise as you use the Windows Defender A If you encounter a server error when trying to access the service, you’ll need to change your browser cookie settings. Configure your browser to allow cookies. -### No data is shown on the portal -If no data is displayed on the Dashboard portal even if no errors were encountered in the portal logs or in the browser console, you'll need to whitelist the threat intelligence, data access, and detonation endpoints that also use this protocol. +### Elements or data missing on the portal +If some UI elements or data is missing on the Windows Defender ATP portal it’s possible that proxy settings are blocking it. + +Make sure that `*.securitycenter.windows.com` is included the proxy whitelist. + > [!NOTE] > You must use the HTTPS protocol when adding the following endpoints. -Depending on your region, add the following endpoints to the whitelist: - -U.S. region: - -- daasmon-cus-prd.cloudapp.net -- daasmon-eus-prd.cloudapp.net -- dataaccess-cus-prd.cloudapp.net -- dataaccess-eus-prd.cloudapp.net -- threatintel-cus-prd.cloudapp.net -- threatintel-eus-prd.cloudapp.net -- winatpauthorization.windows.com -- winatpfeedback.windows.com -- winatpmanagement.windows.com -- winatponboarding.windows.com -- winatpservicehealth.windows.com - -EU region: - -- dataaccess-neu-prd.cloudapp.net -- dataaccess-weu-prd.cloudapp.net -- threatintel-neu-prd.cloudapp.net -- threatintel-weu-prd.cloudapp.net -- winatpauthorization.windows.com -- winatpfeedback.windows.com -- winatpmanagement.windows.com -- winatponboarding.windows.com -- winatpservicehealth.windows.com - ### Windows Defender ATP service shows event or error logs in the Event Viewer See the topic [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. 
The topic also contains troubleshooting steps for event errors. diff --git a/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0757a26702 --- /dev/null +++ b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md 
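Review bot: In the "Elements or data missing on the portal" hunk of troubleshoot-windows-defender-advanced-threat-protection.md, the retained note "You must use the HTTPS protocol when adding the following endpoints" no longer has anything following it, because the U.S. and EU endpoint lists are removed. Either reword the note to refer to `*.securitycenter.windows.com` or drop it. None of the removed hosts (the `*.cloudapp.net` and `winatp*.windows.com` entries) fall under the new wildcard, so the text should say whether they still need to be allowed or whether existing proxy rules for them can be retired. Also, "is included the proxy whitelist" is missing "in", and "some UI elements or data is missing" needs "are".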
@@ -0,0 +1,39 @@ +--- +title: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts +description: Use the custom threat intelligence API to create custom alerts for your organization. +keywords: threat intelligence, alert definitions, indicators of compromise +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Use the threat intelligence API to create custom alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. + +You can use the code examples to guide you in creating calls to the custom threat intelligence API. + +## In this section + +Topic | Description +:---|:--- +[Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) | Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization. +[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through the Windows Defender ATP portal so that you can create custom threat intelligence (TI) using REST API. 
+[Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization. +[PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API. +[Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API. +[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API. diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index 2f238a4d6d..23bb45e5bf 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md 
@@ -41,8 +41,11 @@ Topic | Description [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | You can sort and filter alerts across your network, and drill down on individual alert queues such as new, in progress, or resolved queues. [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization. -[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. 
+[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list. +[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. +[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. +[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take action on a machine or file to quickly respond to detected attacks. diff --git a/windows/keep-secure/windows-defender-block-at-first-sight.md b/windows/keep-secure/windows-defender-block-at-first-sight.md index a31f43f6ee..342b7ac541 100644 --- a/windows/keep-secure/windows-defender-block-at-first-sight.md +++ b/windows/keep-secure/windows-defender-block-at-first-sight.md 
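Review bot: In the table hunk of use-windows-defender-advanced-threat-protection.md, the new "View and organize the Machines view" row says "You can sort, filter, and exporting the machine list"; "exporting" should be "export". The three new rows are also written `.md)| ` with no space before the pipe, while the moved "Investigate machines" row and most neighbouring rows use `.md) | `; matching the spacing keeps the table source consistent.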
@@ -31,7 +31,7 @@ It is enabled by default when certain pre-requisite settings are also enabled. I When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. > [!NOTE] -> The Block at first sight feature only use the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file. +> The Block at first sight feature only uses the cloud-protection backend for "portable executable" (PE) files that are downloaded from the Internet, or originating from the Internet zone. This includes file types such as .exe, .dll, .scr, and so on. A hash value of the file is checked via the cloud backend to determine if this is a previously undetected file. If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file. diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index d68415cde7..70f2e9290f 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md 
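Review bot: In the windows-defender-block-at-first-sight.md hunk, the reworded note leaves the scope open-ended with "file types such as .exe, .dll, .scr, and so on". Since this sentence defines which downloads get the cloud check, it would help to say that the criterion is the portable executable format rather than the extension, or to list the covered types in full, so administrators do not assume coverage for file types that are not checked. The unchanged sentence above it, "to determine the files as malicious or clean", could be fixed in the same pass ("to determine whether the file is malicious or clean").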
@@ -20,6 +20,9 @@ ### [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) ### [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) ### [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) +### [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) +#### [Get started with Update Compliance](update-compliance-get-started.md) +#### [Use Update Compliance](update-compliance-using.md) ### [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) #### [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) #### [Configure BranchCache for Windows 10 updates](waas-branchcache.md) @@ -159,6 +162,7 @@ ### [Troubleshooting App-V](appv-troubleshooting.md) ### [Technical Reference for App-V](appv-technical-reference.md) #### [Performance Guidance for Application Virtualization](appv-performance-guidance.md) + #### [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) #### [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) #### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) @@ -218,4 +222,5 @@ #### [Update Windows Store for Business account settings](update-windows-store-for-business-account-settings.md) #### [Manage user accounts in Windows Store for Business](manage-users-and-groups-windows-store-for-business.md) ### [Troubleshoot Windows Store for Business](troubleshoot-windows-store-for-business.md) +## [Windows Libraries](windows-libraries.md) ## [Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md) 
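Review bot: The second TOC.md hunk (`@@ -159,6 +162,7 @@`) adds only an empty line, between the "Performance Guidance for Application Virtualization" and "Application Publishing and Client Interaction" entries. No other sibling entries in the visible TOC are separated by a blank line, so this looks accidental; please drop it unless the TOC build needs it.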
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 837fac6dda..13a0de7e4f 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -18,7 +18,13 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | New or changed topic | Description | | --- | --- | +| [Windows Libraries](windows-libraries.md) | New | +| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | New | +| [Get started with Update Compliance](update-compliance-get-started.md) | New | +| [Use Update Compliance to monitor Windows Updates](update-compliance-using.md) | New | | [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Added Group Policy setting that blocks user access to Windows Update. | +| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Added Express updates. | +| [Distribute offline apps](distribute-offline-apps.md) | General updates to topic. Added links to supporting content for System Center Configuration Manager and Microsoft Intune. | ## January 2017 
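Review bot: In this change-history hunk, the new row for update-compliance-using.md is titled "Use Update Compliance to monitor Windows Updates", but the TOC.md entry added in the same patch names that topic "Use Update Compliance". Please use one title in both places so readers can match the change log to the navigation.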
@@ -75,7 +81,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout; added note to explain the difference between applying taskbar configuration by Group Policy and by provisioning package | | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated instructions for exiting assigned access mode. | | Application development for Windows as a service | Topic moved to MSDN: [Application development for Windows as a service](https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service) -| Windows 10 servicing options | New content replaced this topic; see [Overview of Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) | +| Windows 10 servicing options | New content replaced this topic; see [Overview of Windows as a service](waas-overview.md) | ## RELEASE: Windows 10, version 1607 @@ -180,4 +186,4 @@ The topics in this library have been updated for Windows 10, version 1607 (also [Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md) -  \ No newline at end of file +  diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md index bd5e26f4ba..dd1108511b 100644 --- a/windows/manage/configure-windows-10-taskbar.md +++ b/windows/manage/configure-windows-10-taskbar.md 
@@ -42,6 +42,8 @@ To configure the taskbar: >[!IMPORTANT] >If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using Group Policy. +> +>If you use Group Policy and your configuration only contains a taskbar layout, the default Windows tile layout will be applied and cannot be changed by users. If you use Group Policy and your configuration includes taskbar and a full Start layout, users can only make changes to the taskbar. If you use Group Policy and your configuration includes taskbar and a [partial Start layout](https://technet.microsoft.com/itpro/windows/manage/customize-and-export-start-layout#configure-a-partial-start-layout), users can make changes to the taskbar and to tile groups not defined in the partial Start layout. ### Tips for finding AUMID and Desktop Application Link Path diff --git a/windows/manage/cortana-at-work-o365.md b/windows/manage/cortana-at-work-o365.md index d58663dc00..764b5638e0 100644 --- a/windows/manage/cortana-at-work-o365.md +++ b/windows/manage/cortana-at-work-o365.md @@ -57,7 +57,7 @@ Cortana can only access data in your Office 365 org when it’s turned on. If yo **To turn off Cortana with Office 365** 1. [Sign in to Office 365](http://www.office.com/signin) using your Azure AD account. -2. Go to the [Office 365 admin center](https://support.office.com/en-us/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547). +2. Go to the [Office 365 admin center](https://support.office.com/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547). 3. Expand **Service Settings**, and select **Cortana**. 
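Review bot: In the cortana-at-work-o365.md hunk, step 1 still links to `http://www.office.com/signin` while step 2 is being edited to drop the locale from its URL. A sign-in link should not start over plain HTTP; please change it to `https://` in the same pass. In the configure-windows-10-taskbar.md hunk on the same line, the added paragraph links to the partial Start layout topic through an absolute technet.microsoft.com URL, whereas the change-history hunk in this patch replaces an absolute technet link with a relative one (`waas-overview.md`); a relative link would be consistent here too, and "includes taskbar and a full Start layout" needs an article ("includes a taskbar layout and a full Start layout").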
diff --git a/windows/manage/cortana-at-work-overview.md b/windows/manage/cortana-at-work-overview.md index 96064364c3..29a9ab3bba 100644 --- a/windows/manage/cortana-at-work-overview.md +++ b/windows/manage/cortana-at-work-overview.md @@ -59,6 +59,6 @@ Cortana is covered under the [Microsoft Privacy Statement](https://privacy.micro - [Cortana and Windows](http://go.microsoft.com/fwlink/?LinkId=717384) -- [Known issues for Windows Desktop Search and Cortana in Windows 10](http://support.microsoft.com/kb/3206883/EN-US) +- [Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10) - [Cortana for developers](http://go.microsoft.com/fwlink/?LinkId=717385) diff --git a/windows/manage/cortana-at-work-powerbi.md b/windows/manage/cortana-at-work-powerbi.md index 98b90f572f..979cde3b57 100644 --- a/windows/manage/cortana-at-work-powerbi.md +++ b/windows/manage/cortana-at-work-powerbi.md @@ -19,7 +19,7 @@ localizationpriority: high Integration between Cortana and Power BI shows how Cortana can work with custom business analytics solutions to enable you to get answers directly from your key business data, including introducing new features that let you create custom Cortana “answers” using the full capabilities of Power BI Desktop. >[!Note] ->Cortana for Power BI is currently only available in English. For more info about Cortana and Power BI, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-cortana-desktop-entity-cards/). +>Cortana for Power BI is currently only available in English. For more info about Cortana and Power BI, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/documentation/powerbi-service-cortana-desktop-entity-cards/). ## Before you begin To use this walkthrough, you’ll need: 
@@ -135,4 +135,4 @@ Now that you’ve set up your device, you can use Cortana to show your info from ![Cortana at work, showing your custom report from Power BI](images/cortana-powerbi-myreport.png) >[!NOTE] ->For more info about how to connect your own data, build your own custom Power BI cards and Answer Pages for Cortana, and how to share the cards with everyone in your organization, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-cortana-desktop-entity-cards/). +>For more info about how to connect your own data, build your own custom Power BI cards and Answer Pages for Cortana, and how to share the cards with everyone in your organization, see [Use Power BI to create a custom Answer Page for Cortana](https://powerbi.microsoft.com/documentation/powerbi-service-cortana-desktop-entity-cards/). diff --git a/windows/manage/cortana-at-work-voice-commands.md b/windows/manage/cortana-at-work-voice-commands.md index 766a5914ad..2e2743fa61 100644 --- a/windows/manage/cortana-at-work-voice-commands.md +++ b/windows/manage/cortana-at-work-voice-commands.md 
@@ -19,7 +19,7 @@ localizationpriority: high Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions. >[!NOTE] ->For more info about how your developer can extend your current apps to work directly with Cortana, see [Cortana interactions in UWP apps](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/cortana-interactions). +>For more info about how your developer can extend your current apps to work directly with Cortana, see [The Cortana Skills Kit](https://docs.microsoft.com/cortana/getstarted). ## High-level process Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be very simple to very complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent. 
@@ -30,9 +30,9 @@ To enable voice commands in Cortana Cortana can perform actions on apps in the foreground (taking focus from Cortana) or in the background (allowing Cortana to keep focus). We recommend that you decide where an action should happen, based on what your voice command is intended to do. For example, if your voice command requires employee input, it’s best for that to happen in the foreground. However, if the app only uses basic commands and doesn’t require interaction, it can happen in the background. - - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a foreground app using voice commands and Cortana](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/launch-a-foreground-app-with-voice-commands-in-cortana). + - **Start Cortana with focus on your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a foreground app using voice commands and Cortana](https://docs.microsoft.com/cortana/voicecommands/launch-a-foreground-app-with-voice-commands-in-cortana). - - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a background app using voice commands and Cortana](https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/launch-a-background-app-with-voice-commands-in-cortana). + - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Create and install a VCD file that starts a background app using voice commands and Cortana](https://docs.microsoft.com/cortana/voicecommands/launch-a-background-app-with-voice-commands-in-cortana). 2. **Install the VCD file on employees' devices**. You can use System Center Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization. 
diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 40c5250e62..0eb86b635e 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md @@ -28,7 +28,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) | | **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | | **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app

    User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) | -| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) | +| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](cortana-at-work-overview.md) | diff --git a/windows/manage/images/uc-01.png b/windows/manage/images/uc-01.png new file mode 100644 index 0000000000..7f4df9f6d7 Binary files /dev/null and b/windows/manage/images/uc-01.png differ diff --git a/windows/manage/images/uc-02.png b/windows/manage/images/uc-02.png new file mode 100644 index 0000000000..8317f051c3 Binary files /dev/null and b/windows/manage/images/uc-02.png differ diff --git a/windows/manage/images/uc-02a.png b/windows/manage/images/uc-02a.png new file mode 100644 index 0000000000..d12544e3a0 Binary files /dev/null and b/windows/manage/images/uc-02a.png differ diff --git a/windows/manage/images/uc-03.png b/windows/manage/images/uc-03.png new file mode 100644 index 0000000000..58494c4128 Binary files /dev/null and b/windows/manage/images/uc-03.png differ diff --git a/windows/manage/images/uc-03a.png b/windows/manage/images/uc-03a.png new file mode 100644 index 0000000000..39412fc8f3 Binary files /dev/null and b/windows/manage/images/uc-03a.png differ diff --git a/windows/manage/images/uc-04.png b/windows/manage/images/uc-04.png new file mode 100644 index 0000000000..ef9a37d379 Binary files /dev/null and b/windows/manage/images/uc-04.png differ 
diff --git a/windows/manage/images/uc-04a.png b/windows/manage/images/uc-04a.png new file mode 100644 index 0000000000..537d4bbe72 Binary files /dev/null and b/windows/manage/images/uc-04a.png differ diff --git a/windows/manage/images/uc-05.png b/windows/manage/images/uc-05.png new file mode 100644 index 0000000000..21c8e9f9e0 Binary files /dev/null and b/windows/manage/images/uc-05.png differ diff --git a/windows/manage/images/uc-05a.png b/windows/manage/images/uc-05a.png new file mode 100644 index 0000000000..2271181622 Binary files /dev/null and b/windows/manage/images/uc-05a.png differ diff --git a/windows/manage/images/uc-06.png b/windows/manage/images/uc-06.png new file mode 100644 index 0000000000..03a559800b Binary files /dev/null and b/windows/manage/images/uc-06.png differ diff --git a/windows/manage/images/uc-06a.png b/windows/manage/images/uc-06a.png new file mode 100644 index 0000000000..15df1cfea0 Binary files /dev/null and b/windows/manage/images/uc-06a.png differ diff --git a/windows/manage/images/uc-07.png b/windows/manage/images/uc-07.png new file mode 100644 index 0000000000..de1ae35e82 Binary files /dev/null and b/windows/manage/images/uc-07.png differ diff --git a/windows/manage/images/uc-07a.png b/windows/manage/images/uc-07a.png new file mode 100644 index 0000000000..c0f2d9fd73 Binary files /dev/null and b/windows/manage/images/uc-07a.png differ diff --git a/windows/manage/images/uc-08.png b/windows/manage/images/uc-08.png new file mode 100644 index 0000000000..877fcd64c0 Binary files /dev/null and b/windows/manage/images/uc-08.png differ diff --git a/windows/manage/images/uc-08a.png b/windows/manage/images/uc-08a.png new file mode 100644 index 0000000000..89da287d3d Binary files /dev/null and b/windows/manage/images/uc-08a.png differ diff --git a/windows/manage/images/uc-09.png b/windows/manage/images/uc-09.png new file mode 100644 index 0000000000..37d7114f19 Binary files /dev/null and b/windows/manage/images/uc-09.png differ 
diff --git a/windows/manage/images/uc-09a.png b/windows/manage/images/uc-09a.png new file mode 100644 index 0000000000..f6b6ec5b60 Binary files /dev/null and b/windows/manage/images/uc-09a.png differ diff --git a/windows/manage/images/uc-10.png b/windows/manage/images/uc-10.png new file mode 100644 index 0000000000..3ab72d10d2 Binary files /dev/null and b/windows/manage/images/uc-10.png differ diff --git a/windows/manage/images/uc-10a.png b/windows/manage/images/uc-10a.png new file mode 100644 index 0000000000..1c6b8b01dc Binary files /dev/null and b/windows/manage/images/uc-10a.png differ diff --git a/windows/manage/images/uc-11.png b/windows/manage/images/uc-11.png new file mode 100644 index 0000000000..8b4fc568ea Binary files /dev/null and b/windows/manage/images/uc-11.png differ diff --git a/windows/manage/images/uc-12.png b/windows/manage/images/uc-12.png new file mode 100644 index 0000000000..4198684c99 Binary files /dev/null and b/windows/manage/images/uc-12.png differ diff --git a/windows/manage/images/uc-13.png b/windows/manage/images/uc-13.png new file mode 100644 index 0000000000..117f9b9fd8 Binary files /dev/null and b/windows/manage/images/uc-13.png differ diff --git a/windows/manage/images/uc-14.png b/windows/manage/images/uc-14.png new file mode 100644 index 0000000000..66047984e7 Binary files /dev/null and b/windows/manage/images/uc-14.png differ diff --git a/windows/manage/images/uc-15.png b/windows/manage/images/uc-15.png new file mode 100644 index 0000000000..c241cd9117 Binary files /dev/null and b/windows/manage/images/uc-15.png differ diff --git a/windows/manage/images/uc-16.png b/windows/manage/images/uc-16.png new file mode 100644 index 0000000000..e7aff4d4ed Binary files /dev/null and b/windows/manage/images/uc-16.png differ diff --git a/windows/manage/images/uc-17.png b/windows/manage/images/uc-17.png new file mode 100644 index 0000000000..cb8e42ca5e Binary files /dev/null and b/windows/manage/images/uc-17.png differ 
diff --git a/windows/manage/images/uc-18.png b/windows/manage/images/uc-18.png new file mode 100644 index 0000000000..5eff59adc9 Binary files /dev/null and b/windows/manage/images/uc-18.png differ diff --git a/windows/manage/images/uc-19.png b/windows/manage/images/uc-19.png new file mode 100644 index 0000000000..791900eafc Binary files /dev/null and b/windows/manage/images/uc-19.png differ diff --git a/windows/manage/images/uc-20.png b/windows/manage/images/uc-20.png new file mode 100644 index 0000000000..7dbb027b9f Binary files /dev/null and b/windows/manage/images/uc-20.png differ diff --git a/windows/manage/images/uc-21.png b/windows/manage/images/uc-21.png new file mode 100644 index 0000000000..418db41fe4 Binary files /dev/null and b/windows/manage/images/uc-21.png differ diff --git a/windows/manage/images/uc-22.png b/windows/manage/images/uc-22.png new file mode 100644 index 0000000000..2ca5c47a61 Binary files /dev/null and b/windows/manage/images/uc-22.png differ diff --git a/windows/manage/images/uc-23.png b/windows/manage/images/uc-23.png new file mode 100644 index 0000000000..58b82db82d Binary files /dev/null and b/windows/manage/images/uc-23.png differ diff --git a/windows/manage/images/uc-24.png b/windows/manage/images/uc-24.png new file mode 100644 index 0000000000..00bc61e3e1 Binary files /dev/null and b/windows/manage/images/uc-24.png differ diff --git a/windows/manage/images/uc-25.png b/windows/manage/images/uc-25.png new file mode 100644 index 0000000000..4e0f0bdb03 Binary files /dev/null and b/windows/manage/images/uc-25.png differ diff --git a/windows/manage/index.md b/windows/manage/index.md index 73e961d01d..bdb730b559 100644 --- a/windows/manage/index.md +++ b/windows/manage/index.md @@ -35,7 +35,7 @@ Learn about managing and updating Windows 10.

    [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)

    The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.

    -[Update Windows 10 in the enterprise](waas-update-windows-10.md) Learn how to manage updates to Windows 10 in your organization, including Windows Update for Business. +[Update Windows 10 in the enterprise](waas-update-windows-10.md) Learn how to manage updates to Windows 10 in your organization, including Update Compliance, and Windows Update for Business.

    [Manage corporate devices](manage-corporate-devices.md)

    You can use the same management tools to manage all device types running Windows 10: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.
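Review bot: the unchanged context at the top of this index.md hunk still links "Cortana integration in your business or enterprise" to manage-cortana-in-enterprise.md, while the Search policy row changed earlier in this patch retargets its Cortana link from that same file to cortana-at-work-overview.md. If the topic was renamed, this link needs the same update (or a redirect has to exist), otherwise the index points at a page that no longer resolves. Separately, the comma in "including Update Compliance, and Windows Update for Business" can be dropped.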

    @@ -72,6 +72,10 @@ Learn about managing and updating Windows 10.

    [Windows Store for Business](windows-store-for-business.md)

    Welcome to the Windows Store for Business! You can use the Store for Business, to find, acquire, distribute, and manage apps for your organization.

    + +

    [Windows Libraries](windows-libraries.md)

    +

    Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music).

    +

    [Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md)

    This topic lists new and updated topics in the Manage and update Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md).

    diff --git a/windows/manage/manage-windows-10-in-your-organization-modern-management.md b/windows/manage/manage-windows-10-in-your-organization-modern-management.md index e0852318ad..f149335e36 100644 --- a/windows/manage/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/manage/manage-windows-10-in-your-organization-modern-management.md @@ -81,7 +81,7 @@ You can envision user and device management as falling into these two categories Domain joined PCs and tablets can continue to be managed with the [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) client or Group Policy. -For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-windows10-devices/). +For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/). As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD. diff --git a/windows/manage/mandatory-user-profile.md b/windows/manage/mandatory-user-profile.md index 698093e9a1..6664e2d2aa 100644 --- a/windows/manage/mandatory-user-profile.md +++ b/windows/manage/mandatory-user-profile.md 
@@ -60,7 +60,7 @@ First, you create a default user profile with the customizations that you want, 3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. -3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: +3. For devices running Windows 10, use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe - Microsoft.BingWeather_8wekyb3d8bbwe 
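Review bot: the reworded step in mandatory-user-profile.md scopes the Remove-AppxProvisionedPackage cleanup to "devices running Windows 10" but does not say what to do on the other systems this file now covers; the next hunk adds Windows Server 2016, Windows 8.1 and Windows Server 2012 columns, so state explicitly that the step is skipped there. The step also still carries the number "3.", the same as the answer-file step directly above it; renumbering in source would make references to "step 3" unambiguous.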
@@ -146,14 +146,14 @@ It may take some time for this change to replicate to all domain controllers. ## Apply policies to improve sign-in time -When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings. - -- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled -- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled -- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled - +When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the Group Policy settings shown in the following table. (The table shows which operating system versions each policy setting can apply to.) 
+| Group Policy setting | Windows 10 | Windows Server 2016 | Windows 8.1 | Windows Server 2012 | +| --- | --- | --- | --- | --- | +| Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | +| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | +| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ![supported](images/checkmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | ![not supported](images/crossmark.png) | diff --git a/windows/manage/start-layout-xml-desktop.md b/windows/manage/start-layout-xml-desktop.md index 1a48aaad33..c86fc0cfe6 100644 --- a/windows/manage/start-layout-xml-desktop.md +++ b/windows/manage/start-layout-xml-desktop.md @@ -26,6 +26,9 @@ On Windows 10 for desktop editions, the customized Start works by: - 2 groups that are 6 columns wide, or equivalent to the width of 3 medium tiles. - 2 medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). + +>[!NOTE] +>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). ## LayoutModification XML 
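Review bot: in the start-layout-xml-desktop.md hunk, the added note says using the layout modification XML "is not supported with roaming user profiles" but gives no indication of what an administrator will see if both are deployed (layout ignored, partially applied, or reset at sign-in). One sentence on the observable behaviour would let someone diagnose an existing deployment instead of having to follow the link. The link also hard-codes the "en-US" locale in the technet.microsoft.com path, while the modern-management hunk earlier in this patch removes "/en-us/" from an Azure URL; use the locale-neutral form here too.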
diff --git a/windows/manage/update-compliance-get-started.md b/windows/manage/update-compliance-get-started.md new file mode 100644 index 0000000000..9d2d540b82 --- /dev/null +++ b/windows/manage/update-compliance-get-started.md 
@@ -0,0 +1,130 @@ +--- +title: Get started with Update Compliance (Windows 10) +description: Explains how to configure Update Compliance. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Get started with Update Compliance + +This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance. + +Steps are provided in sections that follow the recommended setup process: +1. Ensure that [prerequisites](#update-compliance-prerequisites) are met. +2. [Add Update Compliance](#add-update-compliance-to-microsoft-operatiions-management-suite) to Microsoft Operations Management Suite +3. [Deploy your Commercial ID](#deploy-your-commercial-id-to-your-windows-10-devices) to your organization’s devices + +## Update Compliance Prerequisites + +Update Compliance has the following requirements: +1. Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). +2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md). +3. The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for different aspects of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. 
The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint: + + +
    ServiceEndpoint +
    Connected User Experience and Telemetry componentv10.vortex-win.data.microsoft.com +
    settings-win.data.microsoft.com +
    Windows Error Reporting watson.telemetry.microsoft.com +
    Online Crash Analysis oca.telemetry.microsoft.com +
    + +## Add Update Compliance to Microsoft Operations Management Suite + +Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). + +If you are already using OMS, you’ll find Update Compliance in the Solutions Gallery. Select the **Update Compliance** tile in the gallery and then click **Add** on the solution's details page. Update Compliance is now visible in your workspace. + +If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance: + +1. Go to [Operations Management Suite’s page](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. + +

    + + + +2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. + +

    + + + +3. Create a new OMS workspace. + +

    + + + +4. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**. + +

    + + + +5. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace. + +

    + + + +6. To add the Update Compliance solution to your workspace, go to the Solutions Gallery. + +

    + + + +7. Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible on your workspace. + +

    + + + +8. Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens. + +

    + + + +9. Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below. + +

    + + + +After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices. + +>You can unsubscribe from the Update Compliance solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic. + +## Deploy your Commercial ID to your Windows 10 devices + +In order for your devices to show up in Windows Analytics: Update Compliance, they must be configured with your organization’s Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that device’s data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM). + +- Using Group Policy

    + Deploying your Commercial ID using Group Policy can be accomplished by configuring domain Group Policy Objects with the Group Policy Management Editor, or by configuring local Group Policy using the Local Group Policy Editor. + 1. In the console tree, navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** + 2. Double-click **Configure the Commercial ID** + 3. In the **Options** box, under **Commercial Id**, type the Commercial ID GUID, and then click **OK**.

    + +- Using Microsoft Mobile Device Management (MDM)

    + Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under **Provider/ProviderID/CommercialID**. More information on deployment using MDM can be found [here](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dmclient-csp). + + For information on how to use MDM configuration CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/en-us/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers). + + When using the Intune console, you can use the OMA-URI settings of a [custom policy](https://go.microsoft.com/fwlink/p/?LinkID=616316) to configure the commercial ID. The OMA-URI (case sensitive) path for configuring the commerical ID is:

    ./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID
    + + For example, you can use the following values in **Add or edit OMA-URI Setting**: + + **Setting Name**: Windows Analytics Commercial ID
    + **Setting Description**: Configuring commercial id for Windows Analytics solutions
    + **Data Type**: String
    + **OMA-URI (case sensitive)**: ./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID
    + **Value**: \
    + + + +## Related topics + +[Use Update Compliance to monitor Windows Updates](update-compliance-using.md) \ No newline at end of file diff --git a/windows/manage/update-compliance-monitor.md b/windows/manage/update-compliance-monitor.md new file mode 100644 index 0000000000..9ee49a1e9d --- /dev/null +++ b/windows/manage/update-compliance-monitor.md 
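Review bot: in update-compliance-get-started.md (the new file that ends just above), the step 2 link target "#add-update-compliance-to-microsoft-operatiions-management-suite" misspells "operations", so it will not match the anchor generated from the heading "## Add Update Compliance to Microsoft Operations Management Suite"; "commerical ID" in the Intune paragraph has the same kind of typo. The quoted note about unsubscribing also says device data "will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic" without saying how to stop it. Since this page is where the Commercial ID is deployed through Group Policy and the ./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID setting, it should state that removing that setting (or lowering telemetry) is what ends the data flow, or link to the topic that does. Several added links hard-code "/en-us/" even though another hunk in this patch strips the locale from an Azure URL.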
@@ -0,0 +1,59 @@ +--- +title: Monitor Windows Updates with Update Compliance (Windows 10) +description: Introduction to Update Compliance. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Monitor Windows Updates with Update Compliance + +## Introduction + +With Windows 10, organizations need to change the way they approach monitoring and deploying updates. Update Compliance is a powerful set of tools that enable organizations to monitor and track all important aspects of Microsoft’s new servicing strategy: [Windows as a Service](waas-overview.md). + +Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). + +Update Compliance uses the Windows telemetry that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution. + +Update Compliance provides the following: + +- An overview of your organization’s devices that just works. +- Dedicated drill-downs for devices that might need attention. +- An inventory of devices, including the version of Windows they are running and their update status. +- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later). 
+- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries. +- Cloud-connected access utilizing Windows 10 telemetry means no need for new complex, customized infrastructure. + +See the following topics in this guide for detailed information about configuring and use the Update Compliance solution: + +- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment. +- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance. + +An overview of the processes used by the Update Compliance solution is provided below. + +## Update Compliance architecture + +The Update Compliance architecture and data flow is summarized by the following five step process: + +**(1)** User computers send telemetry data to a secure Microsoft data center using the Microsoft Data Management Service.
    +**(2)** Telemetry data is analyzed by the Update Compliance Data Service.
    +**(3)** Telemetry data is pushed from the Update Compliance Data Service to your OMS workspace.
    +**(4)** Telemetry data is available in the Update Compliance solution.
    +**(5)** You are able to monitor and troubleshoot Windows updates on your network.
    + +These steps are illustrated in following diagram: + +![Update Compliance architecture](images/uc-01.png) + +>This process assumes that Windows telemetry is enabled and devices are assigned your Commercial ID. + + + +  +## Related topics + +[Get started with Update Compliance](update-compliance-get-started.md)
    +[Use Update Compliance to monitor Windows Updates](update-compliance-using.md) \ No newline at end of file diff --git a/windows/manage/update-compliance-using.md b/windows/manage/update-compliance-using.md new file mode 100644 index 0000000000..39d8b0e012 --- /dev/null +++ b/windows/manage/update-compliance-using.md 
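Review bot: in update-compliance-monitor.md, the "Operations Management Suite overview" link is added as "http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/", while update-compliance-get-started.md in this same patch links the identical page over https; use https here as well. The "log analytics" link also carries campaign tracking parameters (WT.srch, WT.mc_id, utm_source, utm_medium, utm_term, utm_campaign), including what looks like an unexpanded template token "%5B_uniqid%5D"; trim it to the bare page URL. Minor wording: "configuring and use the Update Compliance solution" should read "configuring and using", and "illustrated in following diagram" is missing "the".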
@@ -0,0 +1,354 @@ +--- +title: Using Update Compliance (Windows 10) +description: Explains how to begin usihg Update Compliance. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Use Update Compliance to monitor Windows Updates + +This section describes how to use Update Compliance to monitor Windows Updates and troubleshoot update failures on your network. + + +Update Compliance: +- Uses telemetry gathered from user devices to form an all-up view of Windows 10 devices in your organization. +- Enables you to maintain a high-level perspective on the progress and status of updates across all devices. +- Provides a workflow that can be used to quickly identify which devices require attention. +- Enables you to track deployment compliance targets for updates. + +>Information is refreshed daily so that update progress can be monitored. Changes will be displayed about 24 hours after their occurrence, so you always have a recent snapshot of your devices. + +In OMS, the aspects of a solution's dashboard are usually divided into blades. Blades are a slice of information, typically with a summarization tile and an enumeration of the items that makes up that data. All data is presented through queries. Perspectives are also possible, wherein a given query has a unique view designed to display custom data. The terminology of blades, tiles, and perspectives will be used in the sections that follow. + +Update Compliance has the following primary blades: + + +1. [OS Update Overview](#os-update-overview) +2. [Overall Quality Update Status](#overall-quality-update-status) +3. [Latest and Previous Security Update Status](#latest-and-previous-security-update-status) +4. [Overall Feature Update Status](#overall-feature-update-status) +5. [CB, CBB, LTSB Deployment Status](#cb-cbb-ltsb-deployment-status) +6. 
[List of Queries](#list-of-queries) + + +## OS Update Overview + +The first blade of OMS Update Compliance is the General **OS Update Overview** blade: + +![OS Update Overview](images/uc-11.png) + + +This blade is divided into three sections: +- Device Summary: +- Needs Attention Summary +- Update Status Summary + +The **Device Summary** displays the total number of devices in your organization. These devices have the commercial ID configured, telemetry enabled, and have sent telemetry to Microsoft within the last 28 days. The tile also shows the devices that Need Attention. + + +The **Needs Attention Summary** summarizes devices that require action on your part. There are multiple reasons why a device might need attention, and these reasons are categorized and summarized in the tile. You can view details about devices that are categorized as Needs Attention using a table view. The following **Needs Attention** states are defined: + + +
    +
    Needs AttentionDefinition +
    Out of SupportTotal number of devices that are no longer receiving servicing updates +
    Update failedWhen a device has reported a failure at some stage in its update deployment process, it will report that the Update Failed. You can click on this to see the full set of devices with more details about the stage at which a failure was reported, when the device reported a failure, and other data. +
    Missing 2+ Security UpdatesTotal number of devices that are missing two or more security updates +
    Update Progress StalledTotal number of devices where an update installation has been “in progress” for more than 7 days +
    + + +The **Update Status Summary** summarizes your organization's devices per the Windows 10 "Windows as a Service" (WaaS) model. For more information about WaaS, see [Overview of Windows as a service](waas-overview.md). Devices are categorized as: **Current**, **Up-to-date**, and **Not up-to-date**. See the following graphical representation of this model:
    + + +![Device states](images/uc-12.png) + + +Update Status Summary definitions: + + + +
    Update StatusDefinition +
    Current and Up-to-dateA device that is current is on the latest and greatest Microsoft offers. It is on the very newest feature update (ex. The Windows Anniversary Update, RS1), on the very latest quality update for its servicing branch. +
    Up-to-dateA device that is up-to-date is on the latest quality update for its servicing option (CB, CBB, LTSB), and the device is running an OS that is supported by Microsoft. +
    Not up-to-dateA device does not have the latest quality update for its servicing option. +
    + + +## Overall Quality Update Status + +**Overall Quality Update Status** is the second blade in Update Compliance. It has a donut data tile and lists the breakdown of the Up-to-date status of devices pivoted on OS version. See the following example: + + +![OS Quality Update Status](images/uc-13.png) + + +The donut tile offers a summary of all devices in your organization, divided into **Up-to-date** and **Not up-to-date**. Recall that devices that are current are also up-to-date. + + +The list view contains the breakdown of Up-to-date, Not up-to-date, and Update failed, all pivoted on OS version (e.g., 1507, 1511, 1607). Clicking on any of the rows of this list view will display the **OS Quality Update Summary Perspective** for that OS version. + + +## Latest and Previous Security Update Status + +Security updates are extremely important to your organization, so in addition to an overall view of Quality Updates, the deployment status for the latest two security updates are displayed for each supported OS build offered by Microsoft. + + +![Latest security update status](images/uc-14.png) + + +For the latest security update, a doughnut chart is displayed across all OS builds with a count of installed, in progress/deferred, update failed, and unknown status relative to that update. Two table views are provided below the doughnut displaying the same breakdown for each OS build supported by Microsoft. + +See the following definitions: + + + +
    TermDefinition +
    OS BuildThe OS build + Revision for the OS Version. The build + revision is a one-to-one mapping of the given security update in this context. +
    VersionThe OS Version corresponding to the OS build. +
    InstalledThe count of devices that have the given security update installed. In the case that the latest security update is not latest quality update (that is, an update has since been released but it did not contain any security fixes), then devices that are on a newer update will also be counted. +

    For the previous security update, a device will display as **Installed** until it has at least installed the latest security update. +
    In Progress or DeferredThe count of devices that are either currently in the process of installing the given security update, or are deferring the install as per their WUFB policy. +

    All devices in this category for Previous Security Update Status are missing 2 or more security updates, and therefore qualify as needing attention. +
    Update FailedThe count of devices that were **In Progress** for the given security update, but failed at some point in the process. They will no longer be shown as **In Progress or deferred** in this case, and only be counted as **Update failed**. +
    Status UnknownIf a device should be, in some way, progressing toward this security update, but it’s status cannot be inferred, it will count as **Status Unknown**. Devices that are not using Windows Update are the most likely devices to fall into this category. +
    + + +## Overall Feature Update Status + +Windows 10 has two main update types: Quality and Feature updates. The third blade in Update Compliance provides the most essential data about your organization’s devices for feature updates. + +Microsoft has developed terms to help specify the state of a given device for how it fits into the Windows as a Service (WaaS) model. There are three update states for a device: +- Current +- Up-to-date +- Not up-to-date + + +See the **Update Status Summary** description under [OS Update Overview](#os-update-overview) in this guide for definitions of these terms. + + +The Overall Feature Update Status blade focuses around whether or not your devices are considered Current. See the following example: + + +![Overall feature update status](images/uc-15.png) + + +Devices are evaluated by OS Version (e.g., 1607) and the count of how many are Current, Not Current, and have Update Failures is displayed. Clicking on any of these counts will allow you to view all those devices, as well as select the **Update Deployment Status** perspective, described below.  + + +## CB, CBB, LTSB Deployment Status + +Following the overview with respect to how current your organization’s devices are, there are three tables that show feature update deployment for all devices. The devices are split up by which branch they are on, as this directly impacts whether they are supported (for example, 1607 may be supported under CBB, but not under CB). This allows you a quick glance at how deployment is progressing across your organization with respect to feature updates. + +See the following example: + + +![CB deployment status](images/uc-16.png) + + +The three tables break down devices by feature update. For each OS version, the following columns provide counts of the possible device states: + + + +
    Deployment StatusDescription +
    Feature UpdateA concatenation of servicing branch (CB, CBB, LTSB) and OS Version (e.g., 1607) +
    InstalledThe number of devices that have reported to be on the given servicing train and feature update. +
    In progressThe number of devices that have reported to be at some stage in the installation process for the given feature update. +

    Example: Device X running CB 1507 could be installing CB 1607. In this example, X would count as both **Installed** for **CB 1507** and **In Progress** for **CB 1607**. +
    Scheduled next 7 daysThe total number of devices that are set to have a deferral period expire within 7 days, and after that deferral period expires are targeted to install the given update. +

    Example: Device Y running CB 1507 could be scheduled to install CB 1607 in 5 days. In this example, X would count as both **Installed** for **CB 1507** and **Scheduled next 7 days** for **CB 1607** +
    Update FailedThe total number of devices that were **In progress** with the installation for the given feature update, but encountered a failure. +

    Example: Device X running CB 1507 could be installing CB 1607. X then encounters an error during installation. In this example, X would count as both **Installed** for **CB 1507** and **Update failed** for **CB 1607**, but not as **In progress** for **CB 1607**. +
    Status UnknownFor devices not using Windows Update to get updates, some information on deployment progress cannot be known. It is possible to know the current installed Feature Update for a device, but not which devices are **In Progress**, **Scheduled next 7 days**, or devices with **Update Failed**. +

    Devices that Update Compliance knows belongs to your organization, but it does not know update failures or installation progress, will be counted here. +
    + + +## Quality Update Perspective + +The Quality Update Deployment Status perspective is a breakdown of the most essential data the user should know about the status of their devices with respect to being Up-to-date. The perspective shows a summary of the organization’s devices for one specific OS version, or build. + +### Quality Update Build Summary + +The build summary blade attempts to summarize the most important data points to the user for the given build. It is divided into two sections. The first section is a summary of devices for that build – the total number of devices, and the amount that need attention. Each row within the table below is a breakdown of why each device requires attention. The rows can be interacted with to be taken to a larger table view that shows detailed information about all the devices that meet the given criteria. See the following example: + + +![Quality update build summary](images/uc-17.png) + +  +### Quality Update Deferral Configurations + +The next blade is the Deferral configuration blade, which shows the WUFB Deferral configurations for all devices that are using WUFB and are reporting to Update Compliance. If no information can be gathered from a device or it is not configured to use WUFB, it will show up as **Not configured (-1)**. See the following example: + + +![Quality Update Deferral Configurations](images/uc-18.png) + +  +### Quality Update Deployment Status + +Under the three top-level blades is the deployment status for the newest quality update for the given build. It provides information on the revision number as well as how many days it has been since that revision has been released. See the following example: + + +![Quality Update Deployment Status](images/uc-19.png) + + +See the following table for a description of last reported states for devices deploying that quality update. + + + +
    Deployment StateDescription +
    Update CompletedWhen a device has finished the update process and is on the given update, it will display here as **Update completed**. +
    In ProgressDevices that are “in progress” installing an update will fall within this category. This category is detailed in the following blade: **Detailed Deployment Status**. +
    DeferredIf a device’s WUfB deferral policy dictates that it is not set to receive this update, the device will show as Update deferred. +
    CancelledA device will report that the update has been cancelled if the user, at some point, cancelled the update on the device. +
    BlockedDevices that are blocked are prevented from proceeding further with the given update. This could be because another update is paused, or some other task on the device must be performed before the update process can proceed. +
    + +

    + + +### Quality Update Detailed Deployment Status + +This blade provides more detail on the deployment process for the update in the Deployment Status blade. This blade is more of a deployment funnel for devices, enabling you to see at a more granular level how devices are progressing along in their deployment. See the following example: + + +![Quality Update Detailed Deployment Status](images/uc-20.png) + + +>Devices that are not managed using Windows Update (Windows Update for Business or otherwise) will not have detailed deployment information. + + +The following table provides a list of the detailed deployment states a device can report: + + + +
    Detailed Deployment StateDescription +
    Update deferredThe WUfB policy of the device dictates the update is deferred. +
    Pre-Download Tasks PassedThe device has finished all tasks necessary prior to downloading the update. +
    Download StartedThe update has begun downloading on the device. +
    Download SucceededThe device has successfully downloaded the update. +
    Pre-Install Tasks PassedThe device has downloaded the update successfully, and successfully passed all checks prior to beginning installation of the update. +
    Install StartedThe device has begun installing the update. +
    Reboot RequiredThe device has finished installing the update, and a reboot is required before the update can be completed. +
    Reboot PendingThe device is pending a scheduled reboot before the update can be completed. +
    Reboot InitiatedThe device has reported to have initiated the reboot process for completing the update. +
    Update completedThe device has completed installing, rebooting, and applying the update. +
    + + +## Feature Update Perspective + + +Like Quality Updates, the Feature Update Deployment Status perspective is a breakdown of information most essential to an administrator. This information is viewed by clicking on a given build on the Feature Update Status blade and then navigating to the **Update Deployment Status** pane as displayed previously. In Update Compliance, a perspective is assigned to a query; the query used to generate the perspective can be altered to show other information, if desired. + +Every piece of data shown in this view can be clicked; when clicked, it will alter the query to focus only on the data you need. If the perspective is not meaningful after the query is altered, you can use the other data views like the List and Table. + +>After clicking on an OS version from the Feature Update Status blade, the query must fully load the results before you can select the Update Deployment Status perspective. + +### Feature Update Build Summary + + +The Build Summary blade provides a summary for all devices on the given build. It gives a count of all devices, as well as a count of all devices that need attention. Below the counts, you can see why the devices need attention, with a count of devices that fall into each category. See the following example: + +![Feature Update Build Summary](images/uc-21.png) + +### Feature Update Deferral Configuration + + +This blade shows all deferral configurations for the devices on the given build. See the following example: + + +![Feature Update Deferral Configuration](images/uc-22.png) + + +Deferral configurations are WUfB-specific, and are shown as days. Some useful information regarding how deferral configurations are shown: +- The devices are grouped based off what their deferral policy is set at. For feature updates, this can be up to 120 days. +- A deferral of zero days means the device has WUfB configured, but is set to not defer the update. 
These devices will be under “0” for the Update Deferred field. +- Devices that are not configured to use WUfB deferral policies have a “-1” for their deferral days. In this table, the devices will show up as “Not Configured (-1)”. + +### Feature Update Deployment Status + +As stated earlier in this section, the Feature Updates blade focuses on how Current your devices are. A device is only Current when it is on the latest feature update and quality update Microsoft offers. Thus, the Deployment Status blade displays the deployment status for devices regarding their deployment to the latest feature update. See the following example: + + +![Feature Update Deployment Status](images/uc-23.png) + + +This blade breaks down the main states a device can be in through the deployment of a feature update. The possible states are as follows: + + + +
    Deployment StateDescription +
    Update completedWhen a device has completely finished the update process and is on the given update, it will show up here as **Update completed**. +
    InprogressDevices “in progress” of installing the given update will fall within this category. This category is iterated on with further granularity in the proceeding blade, “Detailed Deployment Status”. +
    Update deferredIf a device’s WUfB deferral policy dictates that it is not set to receive this update yet, the device will show as Update deferred. +
    CancelledA device will report that the update has been cancelled if the user, at some point, cancelled the update on the device. +
    BlockedDevices that are blocked are prevented from proceeding further with the given update. This could be because another update is paused, or some other task on the device must be performed before the update process can proceed. +
    + +

    + + + + + + +### Feature Update Detailed Deployment Status + +This blade provides more detail on the deployment process for the update in the Deployment Status blade. This blade is more of a deployment funnel for devices, enabling you to see at a more granular level how devices are progressing along in their deployment. See the following example: + + +![Feature Update Detailed Deployment Status](images/uc-24.png) + + +The following table displays all states a device can report: + + + +
    Detailed Deployment StateDescription +
    Update deferredThe WUfB policy of the device dictates the update is deferred. +
    Pre-Download Tasks PassedThe device has finished all tasks necessary prior to downloading the update. +
    Download StartedThe update has begun downloading on the device. +
    Download SucceededThe device has successfully downloaded the update. +
    Pre-Install Tasks PassedThe device has downloaded the update successfully, and successfully passed all checks prior to beginning installation of the update. +
    Install StartedThe device has begun installing the update. +
    Reboot RequiredThe device has finished installing the update, and a reboot is required before the update can be completed. +
    Reboot PendingThe device is pending a scheduled reboot before the update can be completed. +
    Reboot InitiatedThe device has reported to have initiated the reboot process for completing the update. +
    Update completedThe device has completed installing, rebooting, and applying the update. +
    + + + +## List of Queries + +Operations Management Suite leverages its powerful Log Analytics querying to perform all data calculations. For this blade, we provide examples of queries that show useful data to the user about their organization’s devices. See the following example: + + +![List of Queries](images/uc-25.png) + + +The following **Common queries** are available: + + + +
    Query TitleDescription +
    OS Security Update StatusThis query provides an all-up view with respect to how many devices are on the latest security update for their OS version. The table will detail an aggregated count of the number of devices, out of the total (so count, or percent) are on the latest security update for their OS build. +
    Update Deployment FailuresThis query provides a chart view, displaying an aggregation of all devices that have reported a deployment failure for either feature or quality updates. The aggregation of the data is on the given update for which a given device has reported a deployment failure. +
    Devices pending reboot to complete updateThis query will provide a table showing all devices that are at the stage of "Reboot Pending" In the update deployment process.

    This query will show devices which are in this state for both feature and quality updates; the data will be organized on precisely which update the given device(s) are pending a reboot to install. +
    Servicing Option Distribution for the devicesThis query provides a chart view that aggregates all devices seen by the solution on for each servicing option available for Windows 10 devices (CB, CBB, LTSB) +OS Distribution for the devices This query provides a chart view displaying the distribution of the different editions of Windows 10 that devices seen by the solution are running (e.g., Enterprise, Professional, Education, etc.) +
    Deferral configurations for Feature UpdateThis query provides a chart view which displays a breakdown of the different Feature Update deferral configurations through WUfB that the devices seen by the solution are using.

    The configuration is in days. 0 days means the device has WUfB deferrals configured, but is not set to defer feature updates. -1 means the device has no feature update deferral policies configured. +
    Pause configurations for Feature UpdateThe WUfB policy +
    Update deferredThis query provides a chart view displaying the breakdown of devices that are either paused, or not paused for feature updates.

    “Not configured” means the device is not paused. “Paused” means it is currently paused. +
    Deferral configurations for Quality UpdateThis query provides a chart view which displays a breakdown of the different Quality Update deferral configurations through WUfB that the devices seen by the solution are using.

    The configuration is in days. 0 days means the device has WUfB deferrals configured, but is not set to defer quality updates. -1 means the device has no quality update deferral policies configured. +
    Pause configurations for Quality UpdateThis query provides to a chart view displaying the breakdown of devices that are either paused, or not paused for quality updates.

    **Not configured** means the device is not paused. **Paused** means it is currently paused. +
    + +## Related topics + +[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file diff --git a/windows/manage/waas-delivery-optimization.md b/windows/manage/waas-delivery-optimization.md index b1701d80d9..8f9e0d54cd 100644 --- a/windows/manage/waas-delivery-optimization.md +++ b/windows/manage/waas-delivery-optimization.md 
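Review bot: In the List of Queries table near the end of the Update Compliance topic (the file that finishes just above this header), the "Pause configurations for Feature Update" row carries only the fragment "The WUfB policy", while its actual description (devices paused or not paused for feature updates) sits under a row titled "Update deferred", which looks like a leftover from the Detailed Deployment State tables. Suggest merging the two into a single "Pause configurations for Feature Update" row. In the same table, "OS Distribution for the devices" runs on from the "Servicing Option Distribution for the devices" description instead of starting a row of its own. Smaller points in the same file: the "Scheduled next 7 days" example introduces Device Y and then says "X would count"; "Inprogress" and "the proceeding blade" in the Feature Update Deployment Status table should read "In progress" and "the following blade"; "This query provides to a chart view" has a stray "to"; and both "WUFB" and "WUfB" are used.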
@@ -32,14 +32,53 @@ By default in Windows 10 Enterprise and Education, Delivery Optimization allows You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization. -- Group Policy: Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization -- MDM: .Vendor/MSFT/Policy/Config/DeliveryOptimization +You will find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**. +In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**. -Several Delivery Optimization features are configurable. +Several Delivery Optimization features are configurable: - +| Group Policy setting | MDM setting | +| --- | --- | +| [Download mode](#download-mode) | DODownloadMode | +| [Group ID](#group-id) | DOGroupID | +| [Max Cache Age](#max-cache-age) | DOMaxCacheAge | +| [Max Cache Size](#max-cache-size) | DOMaxCacheSize | +| [Absolute Max Cache Size](#absolute-max-cache-size) | DOAbsoluteMaxCacheSize | +| [Modify Cache Drive](#modify-cache-drive) | DOModifyCacheDrive | +| [Maximum Download Bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | +| [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | +| [Max Upload Bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | +| [Monthly Upload Data Cap](#monthly-upload-data-cap) | DOMonthlyUploadDataCap | +| [Minimum Background QoS](#minimum-background-qos) | DOMinBackgroundQoS | -### Download mode (DODownloadMode) +When configuring Delivery Optimization on Windows 10 devices, the first and most important thing to configure, would be [Download mode](#download-mode). Download mode dictates how Delivery Optimization downloads Windows updates. + +While every other feature setting is optional, they offer enhanced control of the Delivery Optimization behavior. 
+ +[Group ID](#group-id), combined with Group [Download mode](#download-mode), enables administrators to create custom device groups that will share content between devices in the group. + +Delivery Optimization uses locally cached updates. In cases where devices have ample local storage and you would like to cache more content, or if you have limited storage and would like to cache less, use the settings below to adjust the Delivery Optimization cache to suit your scenario: +- [Max Cache Size](#max-cache-size) and [Absolute Max Cache Size](#absolute-max-cache-size) control the amount of space the Delivery Optimization cache can use. +- [Max Cache Age](#max-cache-age) controls the retention period for each update in the cache. +- The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location. + +>[!NOTE] +>It is possible to configure preferred cache devices. For more information, see [Set “preferred” cache devices for Delivery Optimization](#set-preferred-cache-devices). + +There are additional options available to robustly control the impact Delivery Optimization has on your network: +- [Maximum Download Bandwidth](#maximum-download-bandwidth) and [Percentage of Maximum Download Bandwidth](#percentage-of-maximum-download-bandwidth) controls the download bandwidth used by Delivery Optimization. +- [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage. +- [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers per month. +- [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network. 
+ +### How Microsoft uses Delivery Optimization +In Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet. + +For more details, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study. + +Provided below is a detailed description of every configurable feature setting. Use these details when configuring any of the above settings. + +### Download mode Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers. The following table shows the available download mode options and what they do. 
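Review bot: The Group Policy path on the added line "You will find the Delivery Optimization settings in Group Policy under ..." now reads "Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization", dropping the leading "Computer" that the removed bullet had; restore "Computer Configuration\Policies\..." so administrators look under the correct node. In the bandwidth list, "[Maximum Download Bandwidth] and [Percentage of Maximum Download Bandwidth] controls" should be "control", and "the first and most important thing to configure, would be" does not need the comma. The link target "#set-preferred-cache-devices" in the new note should be checked against the heading it points to, "Set “preferred” cache devices for Delivery Optimization", since the two do not obviously match. The "How Microsoft uses Delivery Optimization" paragraph presents the "group" configuration as limiting content sharing to one Active Directory domain; a cross-reference to the existing note under Download mode (group mode is best effort and should not be relied on as authentication of device identity) would keep readers from treating the group as a security boundary.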
@@ -55,176 +94,51 @@ Download mode dictates which download sources clients are allowed to use when do >[!NOTE] >Group mode is a best effort optimization and should not be relied on for an authentication of identity of devices participating in the group. -### Group ID (DOGroupID) +### Group ID By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to peer. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. >[!NOTE] >This configuration is optional and not required for most implementations of Delivery Optimization. -### Max Cache Age (DOMaxCacheAge) +### Max Cache Age In environments configured for Delivery Optimization, you may want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client computer. The default Max Cache Age value is 259,200 seconds (3 days). Alternatively, organizations may choose to set this value to “0” which means “unlimited” to avoid peers re-downloading content. When “Unlimited” value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). 
-### Max Cache Size (DOMaxCacheSize) +### Max Cache Size This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows 10 client computer that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20. -### Absolute Max Cache Size (DOAbsoluteMaxCacheSize) +### Absolute Max Cache Size This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the **DOMaxCacheSize** setting, which is a percentage of available disk space. Also, if you configure this policy, it will override the **DOMaxCacheSize** setting. The default value for this setting is 10 GB. -### Maximum Download Bandwidth (DOMaxDownloadBandwidth) +### Maximum Download Bandwidth This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). A default value of 0 means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used. -### Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth) +### Percentage of Maximum Download Bandwidth This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. The default value 0 means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. -### Max Upload Bandwidth (DOMaxUploadBandwidth) +### Max Upload Bandwidth This setting allows you to limit the amount of upload bandwidth individual clients can use for Delivery Optimization. 
Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is 0, or “unlimited” which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate. -### Minimum Background QoS (DOMinBackgroundQoS) +### Minimum Background QoS This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more bytes from Windows Update servers or WSUS. Simply put, the lower this value is, the more content will be sourced using peers on the network rather than Windows Update. The higher this value, the more content is received from Windows Update servers or WSUS, versus peers on the local network. -### Modify Cache Drive (DOModifyCacheDrive) +### Modify Cache Drive This setting allows for an alternate Delivery Optimization cache location on the clients. By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable. You can set the value to an environment variable (e.g., %SYSTEMDRIVE%), a drive letter (e.g., D:), or a folder path (e.g., D:\DOCache). -### Monthly Upload Data Cap (DOMonthlyUploadDataCap) +### Monthly Upload Data Cap This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of 0 means that an unlimited amount of data can be uploaded. The default value for this setting is 20 GB. - -## Delivery Optimization configuration examples - -Delivery Optimization can be configured in various ways, leveraging the policies described in the previous section. The following samples describe some common scenarios that organizations may want to set up, given specific scenarios in use for their organization. 
- -### Use Delivery Optimzation with group download mode - -Delivery Optimization by default will consider all PCs in an organizations as peers for sharing content, even those that might be located across a slower WAN link. Group download mode is designed to help with this by limiting the PCs that can be used. In Windows 10, version 1511, group download mode considers PCs in the same domain and with the same configured Group ID to be eligible peers. In Windows 10, version 1607, the default behavior also adds the PC's AD DS site into the grouping determination. - -**To use Group Policy to configure Delivery Optimization for group download mode** - -1. Open Group Policy Management Console (GPMC). - -2. Expand Forest\Domains\\*Your_Domain*. - -3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. - -4. In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – Group**. - -5. Right-click the **Delivery Optimization – Group** GPO, and then click **Edit**. - -6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization. - -7. Right-click the **Download Mode** setting, and then click **Edit**. - -8. Enable the policy, and then select the **Group** download mode. - -9. Right-click the **GroupID** setting, and then click **Edit**. Enable the policy, and then specify a unique GUID for each group of PCs. (This is not required for Windows 10, version 1607, since the AD site code will be used to group devices automatically.) - -10. Click **OK**, and then close the Group Policy Management Editor. - -11. In GPMC, select the **Delivery Optimization – Group** policy. - -12. On the **Scope** tab, under **Security Filtering**, configure the policy to be targeted to an approprite computer group. - -**To use Intune to configure Delivery Optimization for group download mode** - -1. 
Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials. - -2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. -3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**. - -5. In **Setting name**, type **Set Delivery Optimization to Group**, and then select **Integer** from the **Data type** list. - -6. In the **OMA-URI** box, type **.Vendor/MSFT/Policy/Config/DeliveryOptimization/DODownloadMode**. - -7. In the **Value** box, type **2**, and then click **OK**. - - >[!NOTE] - >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. - -8. Click **Save Policy**. - -9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. - - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. - -10. In the **Manage Deployment** dialog box, select the **All Computers** group, click **Add**, and then click **OK**. - -### Use WSUS and BranchCache with Windows 10, version 1511 - -In Windows 10, version 1511, Delivery Optimization is enabled by default and is used for peer-to-peer sharing of updates. For organizations that wish to instead leverage BranchCache for the caching of updates being delivered from a WSUS server, Delivery Optimization can be configured to leverage the **HTTP only** download mode, which results in Background Intelligent Transfer Service (BITS) being used to transfer the content; BITS will then use BranchCache when peers are available on the same subnet, and use the WSUS server directly when no peers are available. 
- -**To use Group Policy to configure HTTP only download mode** - -1. Open Group Policy Management Console (GPMC). - -2. Expand Forest\Domains\\*Your_Domain*. - -3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. - -4. In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – HTTP Only**. - -5. Right-click the **Delivery Optimization – HTTP Only** GPO, and then click **Edit**. - -6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization. - -7. Right-click the **Download Mode** setting, and then click **Edit**. - -8. Enable the policy, and then select the **HTTP only** download mode. - -9. Click **OK**, and then close the Group Policy Management Editor. - -10. In GPMC, select the **Delivery Optimization – HTTP Only** policy. - -11. On the **Scope** tab, under **Security Filtering**, select the default **AUTHENTICATED USERS** security group, and then click **Remove**. Then, click **Add**, browse to the **Domain Computers** group, and then click **OK**. - - ![example of UI](images/waas-do-fig4.png) - - >[!NOTE] - >This example uses the Domain Computers group, but you can deploy this policy setting to any computer group. - -### Use WSUS and BranchCache with Windows 10, version 1607 - -In Windows 10, version 1607, Delivery Optimization is enabled by default and is used for peer-to-peer sharing of updates. For organizations that wish to instead leverage BranchCache for the caching of updates being delivered from a WSUS server, Delivery Optimization can be configured to leverage the **Bypass** download mode (new in Windows 10, version 1607), which results in BITS being used to transfer the content; BITS will then use BranchCache when peers are available on the same subnet, and use the WSUS server directly when no peers are available. - -**To use Group Policy to enable the Bypass download mode** - -1. 
Open Group Policy Management Console (GPMC). - -2. Expand Forest\Domains\\*Your_Domain*. - -3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. - -4. In the **New GPO** dialog box, in the **Name** box, type **Delivery Optimization – Bypass**. - -5. Right-click the **Delivery Optimization – Bypass** GPO, and then click **Edit**. - -6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization. - -7. Right-click the **Download Mode** setting, and then click **Edit**. - -8. Enable the policy, and then select the **Bypass** download mode. (Note that this download mode is only present in the Windows 10, version 1607, Group Policy ADMX files.) - -9. Click **OK**, and then close the Group Policy Management Editor. - -10. In GPMC, select the **Delivery Optimization – Bypass** policy. - -11. On the **Scope** tab, under **Security Filtering**, select the default **AUTHENTICATED USERS** security group, and then click **Remove**. Then, click **Add**, select the **Domain Computers** group, and then click **OK**. - - >[!NOTE] - >This example uses the Domain Computers group, but you can deploy this policy setting to any computer group. - -### Set “preferred” cache devices for Delivery Optimization + +## Set “preferred” cache devices for Delivery Optimization In some cases, IT pros may have an interest in identifying specific devices that will be “preferred” as sources to other devices—for example, devices that have hard-wired connections, large drives that you can use as caches, or a high-end hardware profile. These preferred devices will act as a “master” for the update content related to that devices’s configuration (Delivery Optimization only caches content relative to the client downloading the content). 
diff --git a/windows/manage/waas-optimize-windows-10-updates.md b/windows/manage/waas-optimize-windows-10-updates.md index 9563562c28..773814c884 100644 --- a/windows/manage/waas-optimize-windows-10-updates.md +++ b/windows/manage/waas-optimize-windows-10-updates.md 
@@ -40,10 +40,42 @@ Two methods of peer-to-peer content distribution are available in Windows 10. | BranchCache | ![no](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) | >[!NOTE] ->Starting with preview version 1604, System Center Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use System Center Configuration Manager to manage in the same Configuration Manager boundary group. This is expected to be available in later Configuration Manager current branch releases. +>System Center Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use System Center Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/client-peer-cache). > ->In addition to client content sharing, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with System Center Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt613173.aspx). +>In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. 
Using this technology, clients imaging with System Center Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager](https://technet.microsoft.com/library/mt613173.aspx). +## Express update delivery + +Windows 10 update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. + +### How Microsoft supports Express +- **Express on WSUS Standalone** + + Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx). +- **Express on devices directly connected to Windows Update** +- **Enterprise devices managed using [Windows Update for Business](waas-manage-updates-wufb.md)** also get the benefit of Express update delivery support without any change in configuration. + +### How Express download works + +For OS updates that support Express, there are two versions of the file payload stored on the service: +1. **Full-file version** - essentially replacing the local versions of the update binaries. +2. **Express version** - containing the deltas needed to patch the existing binaries on the device. + +Both the full-file version and the Express version are referenced in the udpate's metadata, which has been downloaded to the client as part of the scan phase. + +**Express download works as follows:** + +The Windows Update client will try to download Express first, and under certain situations fall back to full-file if needed (for example, if going through a proxy that doesn't support byte range requests). + +1. 
When the Windows Update client initiates an Express download, **Windows Update first downloads a stub**, which is part of the Express package. +2. **The Windows Update client passes this stub to the Windows installer**, which uses the stub to do a local inventory, comparing the deltas of the file on the device with what is needed to get to the latest version of the file being offered. +3. **The Windows installer then requests the Windows Update client to download the ranges**, which have been determined to be required. +4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if additional ranges are needed. This repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded. + +At this point, the download is complete and the update is ready to be installed. + +>[!TIP] +>Express will **always** be leveraged if your machines are updated regularly with the latest cumulative updates. ## Steps to manage updates for Windows 10 diff --git a/windows/manage/waas-overview.md b/windows/manage/waas-overview.md index fca1c64ad5..d597a74145 100644 --- a/windows/manage/waas-overview.md +++ b/windows/manage/waas-overview.md 
@@ -127,7 +127,9 @@ For many IT pros, gaining visibility into feature updates early—before they’ Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about how to sign up for the Windows Insider Program and enroll test devices, go to [https://insider.windows.com](https://insider.windows.com). >[!NOTE] ->The Windows Insider Program isn’t intended to replace CB deployments in an organization. Rather, it provides IT pros and other interested parties with prerelease Windows builds that they can test and ultimately provide feedback on to Microsoft. +>Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. +> +>The Windows Insider Program isn’t intended to replace CB deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. diff --git a/windows/manage/waas-servicing-branches-windows-10-updates.md b/windows/manage/waas-servicing-branches-windows-10-updates.md index 7e62bcbf3a..322b7c07b2 100644 --- a/windows/manage/waas-servicing-branches-windows-10-updates.md +++ b/windows/manage/waas-servicing-branches-windows-10-updates.md 
@@ -90,10 +90,17 @@ Enrolling devices in the Windows Insider Program is simple and requires only a M 6. Click **Confirm**, and then select a time to restart the computer. -7. After you restart the device, go to **Start** > **Settings** > **Update & security** > **Windows Insider Program** to select your Insider level. The device receives the most recent Windows Insider build for the Insider level you select. The options for Insider level are: - - **Release Preview**: Insiders on this level receive builds of Windows just before Microsoft releases them for CB. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs. - - **Slow**: The Slow Windows Insider level is for users who enjoy seeing new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build. - - **Fast**: This level is best for Insiders who would like to be the first to experience new builds of Windows, participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality. +## Install your first preview build from the Windows Insider Program + +After enrolling your devices, you are ready to install your first preview build. To do so, go to **Start** > **Settings** > **Update & security** > **Windows Insider Program** to select your Insider level. The device receives the most recent Windows Insider build for the Insider level you select. + +The options for Insider level are: +- **Release Preview**: Insiders on this level receive builds of Windows just before Microsoft releases them for CB. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. 
This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs. +- **Slow**: The Slow Windows Insider level is for users who enjoy seeing new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build. +- **Fast**: This level is best for Insiders who would like to be the first to experience new builds of Windows, participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality. + +>[!NOTE] +>Once your machine is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your machine will be auto-targeted for the next available flight for your selected ring. For the first build on any given machine, this may take up to 24 hours to complete. ## Block access to Windows Insider Program diff --git a/windows/manage/waas-update-windows-10.md b/windows/manage/waas-update-windows-10.md index f257330910..353a7bf43d 100644 --- a/windows/manage/waas-update-windows-10.md +++ b/windows/manage/waas-update-windows-10.md 
@@ -34,6 +34,7 @@ Windows as a service provides a new way to think about building, deploying, and | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. | | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates. | | [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider. | +| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization. | | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. | | [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. | | [Manage updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. | diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md index 85a835748e..b588216cb5 100644 --- a/windows/manage/windows-10-start-layout-options-and-policies.md +++ b/windows/manage/windows-10-start-layout-options-and-policies.md 
@@ -23,6 +23,8 @@ Organizations might want to deploy a customized Start and taskbar configuration >[!NOTE] >Taskbar configuration is available starting in Windows 10, version 1607. +> +>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). ## Start options diff --git a/windows/manage/windows-libraries.md b/windows/manage/windows-libraries.md index 1608798dce..f8937e7a43 100644 --- a/windows/manage/windows-libraries.md +++ b/windows/manage/windows-libraries.md @@ -10,10 +10,10 @@ author: jasongerend ms.date: 2/6/2017 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures. --- -> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 - # Windows Libraries +> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 + Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location. ## Features for Users diff --git a/windows/manage/windows-spotlight.md b/windows/manage/windows-spotlight.md index 1b2430b14d..eb3af0eb51 100644 --- a/windows/manage/windows-spotlight.md +++ b/windows/manage/windows-spotlight.md 
@@ -21,6 +21,10 @@ Windows Spotlight is an option for the lock screen background that displays diff For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background. For managed devices running Windows 10 Pro, version 1607, administrators can disable suggestions for third party apps. + +>[!NOTE] +>In Windows 10, version 1607, the lock screen background does not display if you disable the **Animate windows when minimizing and mazimizing** setting in **This PC** > **Properties** > **Advanced system settings** > **Performance settings** > **Visual Effects**, or if you enable the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Desktop Windows Manager** > **Do not allow windows animations**. + ## What does Windows Spotlight include? diff --git a/windows/plan/windows-10-infrastructure-requirements.md b/windows/plan/windows-10-infrastructure-requirements.md index d92c0e8afd..ff50a10a6c 100644 --- a/windows/plan/windows-10-infrastructure-requirements.md +++ b/windows/plan/windows-10-infrastructure-requirements.md 
@@ -43,6 +43,8 @@ For System Center Configuration Manager, Windows 10 support is offered with var | System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 | | System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 | + +>Note: Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management.   For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
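Review bot: In the Delivery Optimization hunk that ends at the `Set “preferred” cache devices for Delivery Optimization` heading, the heading is promoted from `###` to `##` although both removed `Use WSUS and BranchCache` sections sat at `###`; confirm the new level matches the remaining headings in that file. The unchanged paragraph under the heading still reads "that devices’s configuration", which should be "that device’s configuration" and is worth fixing while the section is being touched. Removing the two WSUS and BranchCache sections also removes their heading anchors, so check for inbound links to them.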
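Review bot: In windows/manage/waas-optimize-windows-10-updates.md (hunk `@@ -40,10 +40,42 @@`), the new "Express update delivery" section has several wording slips: "all support versions of WSUS" should be "all supported versions of WSUS", "udpate's metadata" should be "update's metadata", and "boundary Group" in the rewritten note should be "boundary group" as in the line it replaces. The steps alternate between "Windows installer" and "Windows Installer"; pick one form. Under "How Microsoft supports Express", the bullet "Express on devices directly connected to Windows Update" has no description while the other two bullets do, so either add one sentence or fold the bullets into a uniform list.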
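Review bot: In windows/manage/waas-overview.md (hunk `@@ -127,7 +127,9 @@`), the sentence added to the note ("Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, ...") repeats the unchanged paragraph immediately above the note almost word for word. Keep one of the two: either extend the existing paragraph with the Feedback Hub and deployment-plan wording, or drop that paragraph and leave the recommendation in the note. The same hunk also changes "prerelease" to "pre-release", while the IMPORTANT banner added elsewhere in this patch uses "prereleased"; use one spelling.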
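Review bot: In windows/manage/waas-servicing-branches-windows-10-updates.md (hunk `@@ -90,10 +90,17 @@`), moving step 7 into its own section drops the restart precondition: the old step began "After you restart the device", while the new text begins "After enrolling your devices", and step 6 only schedules the restart. State that the device must have restarted before the Insider level can be selected. The added note also introduces "flight ring" and "ring" where the rest of the section says "Insider level"; use one term or define the other on first use.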
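Review bot: In windows/manage/windows-10-start-layout-options-and-policies.md (hunk `@@ -23,6 +23,8 @@`), the added link `https://technet.microsoft.com/en-US/library/jj649079.aspx` hard-codes a locale. The waas-optimize hunk in this same patch removes `en-us` from a technet.microsoft.com link, so drop `en-US/` here for consistency and to let the site pick the reader's locale.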
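Review bot: In windows/manage/windows-spotlight.md (hunk `@@ -21,6 +21,10 @@`), the added note misspells the setting name as "Animate windows when minimizing and mazimizing"; it should read "maximizing". Because this is quoted as a UI label that admins will search for, verify the exact casing and wording against the Visual Effects dialog before merging.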
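Review bot: In windows/plan/windows-10-infrastructure-requirements.md (hunk `@@ -43,6 +43,8 @@`), the added line starts with `>Note:` instead of the `>[!NOTE]` form used by every other note in this patch, so it will render as a plain blockquote. In the same line, "are not supported With Configuration Manager 2012" has a stray capital "With", and the blank line added before it plus the trailing non-breaking spaces look like paste residue; clean those up so the note sits directly under the table.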