Merge remote-tracking branch 'refs/remotes/origin/rs2' into dhrs2-whfb

.openpublishing.redirection.json

@@ -332,7 +332,7 @@
     },
     {
         "source_path": "windows/deploy/provision-pcs-with-apps-and-certificates.md",
-        "redirect_url": "/itpro/windows/configure/provision-pcs-with-apps-and-certificates",
+        "redirect_url": "/itpro/windows/configure/provision-pcs-with-apps",
         "redirect_document_id": true
     },
     {
@@ -1053,7 +1053,7 @@
     {
         "source_path": "windows/whats-new/security.md",
         "redirect_url": "/itpro/windows/keep-secure/overview-of-threat-mitigations-in-windows-10",
-        "redirect_document_id": true
+        "redirect_document_id": false
     },
   ]
 }

browsers/edge/change-history-for-microsoft-edge.md

@@ -15,7 +15,7 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th
 ## February 2017
 |New or changed topic | Description |
 |----------------------|-------------|
-|[Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. |
+|[Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. |
 
 ## November 2016
 |New or changed topic | Description |

education/windows/index.md

@@ -63,7 +63,12 @@ author: CelesteDG
 
  <div class="side-by-side"> <div class="side-by-side-content">
  <div class="side-by-side-content-left"><p><b>[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)</b><br />If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.</p></div>
+<<<<<<< HEAD
+ <div class="side-by-side-content-right">
+ <p></p>
+=======
  <div class="side-by-side-content-right"><p></p>
+>>>>>>> e04a8c5905ed4bcb1df7b6b60d48146df9095a12
  </div>
  </div>
 

smb/TOC.md

@@ -1 +1,2 @@
-# [SMB](index.md)
+# [Windows 10 for SMB](index.md)
+## [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)

smb/cloud-mode-business-setup.md

@@ -0,0 +1,578 @@
+---
+title: Deploy and manage a full cloud IT solution for your business
+description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices.
+keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365
+ms.prod: w10
+ms.technology: smb-windows
+ms.topic: hero-article
+ms.author: celested
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: smb
+author: CelesteDG
+---
+
+![Are you ready to move to the cloud?](images/business-cloud-mode.png)
+
+# Get started: Deploy and manage a full cloud IT solution for your business
+**Applies to:**
+
+-   Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10
+
+In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Windows Store for Business, and Windows 10. We'll show you the basics on how to:
+- Acquire an Office 365 business domain
+- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
+- Set up Windows Store for Business and manage app deployment and sync with Intune
+- Add users and groups in Azure AD and Intune
+- Create policies and app deployment rules
+- Log in as a user and start using your Windows device
+
+Go to the <a href="http://business.microsoft.com" target="_blank">Microsoft Business site</a> and select **Products** to learn more about pricing and purchasing options for your business.
+
+## Prerequisites
+Here's a few things to keep in mind before you get started:
+- You'll need a registered domain to successfully go through the walkthrough.
+  - If you already own a domain, you can add this during the Office 365 setup.
+  - If you don't already own a domain, you'll have the option to purchase a domain from the Office 365 admin center. We'll show how to do this as part of the walkthrough.
+- You'll need an email address to create your Office 365 tenant.
+- We recommend that you use Internet Explorer for the entire walkthrough. Right click on Internet Explorer and then choose **Start InPrivate Browsing**.
+
+## 1. Set up your cloud infrastructure
+To set up a cloud infrastructure for your organization, follow the steps in this section.
+
+### 1.1 Set up Office 365 for business
+See <a href="https://support.office.com/en-us/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a> to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to:
+- Plan your setup
+- Create Office 365 accounts and how to add your domain.
+- Install Office
+
+To set up your Office 365 business tenant, see <a href="https://support.office.com/en-us/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Office 365 for business</a>.
+
+If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started:
+
+1. Go to the <a href="https://business.microsoft.com/en-us/products/office-365" target="_blank">Office 365</a> page in the <a href="http://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**.
+
+  **Figure 1** - Try or buy Office 365
+
+  ![Office 365 for business sign up](images/office365_tryorbuy_now.png)
+
+2. Fill out the sign up form and provide information about you and your company.
+3. Create a user ID and password to use to sign into your account.
+
+  This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the admin portal).
+
+4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
+5. Select **You're ready to go...** which will take you to the Office 365 portal.
+
+  > [!NOTE]  
+  > In the Office 365 portal, icons that are greyed out are still installing.
+
+  **Figure 2** - Office 365 portal
+
+  ![Office 365 portal](images/office365_portal.png)
+
+
+6. Select the **Admin** tile to go to the Office 365 admin center.
+7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup.
+
+  This may take up to a half hour to complete.
+  
+  **Figure 3** - Office 365 admin center
+
+  ![Office 365 admin center](images/office365_admin_portal.png)
+
+
+8. Go back to the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">Office 365 admin center</a> to add or buy a domain.
+  1. Select the **Domains** option.
+
+    **Figure 4** - Option to add or buy a domain
+
+    ![Add or buy a domain in Office 365 admin center](images/office365_buy_domain.png)
+    
+
+  2.  In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*.
+
+    **Figure 5** - Microsoft-provided domain
+
+    ![Microsoft-provided domain](images/office365_ms_provided_domain.png)
+
+    - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
+    - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
+
+    Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain.
+
+    **Figure 6** - Domains
+
+    ![Verify your domains in Office 365 admin center](images/office365_additional_domain.png)
+
+### 1.2 Add users and assign product licenses
+Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Office 365 admin center.
+
+When adding users, you can also assign admin privileges to certain users in your team. You'll also want to assign **Product licenses** to each user so that subscriptions can be assigned to the person.
+
+**To add users and assign product licenses**
+
+1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">Office 365 admin center</a>, select **Users > Active users**.
+
+  **Figure 7** - Add users
+
+  ![Add Office 365 users](images/office365_users.png)
+
+2. In the **Home > Active users** page, add users individually or in bulk.
+  - To add users one at a time, select **+ Add a user**.
+
+    If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the Office 365 admin center* in <a href="https://support.office.com/en-us/article/Add-users-individually-or-in-bulk-to-Office-365-Admin-Help-1970f7d6-03b5-442f-b385-5880b9c256ec" target="_blank">Add users individually or in bulk to Office 365 - Admin Help</a>.
+
+    **Figure 8** - Add an individual user
+
+    ![Add an individual user](images/office365_add_individual_user.png)
+
+  - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
+
+    The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see <a href="https://support.office.com/en-us/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88" target="_blank">Add several users at the same time to Office 365 - Admin Help</a>. Once you've added all the users, don't forget to assign **Product licenses** to the new users.
+
+    **Figure 9** - Import multiple users
+
+    ![Import multiple users](images/office365_import_multiple_users.png)
+
+3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
+
+  **Figure 10** - List of active users
+
+  ![Verify users and assigned product licenses](images/o365_active_users.png)
+
+### 1.3 Add Microsoft Intune
+Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see <a href="https://docs.microsoft.com/en-us/intune/understand-explore/introduction-to-microsoft-intune" target="_blank">What is Intune?</a>
+
+**To add Microsoft Intune to your tenant**
+
+1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">Office 365 admin center</a>, select **Billing > Purchase services**.
+2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
+3. Confirm your order to enable access to Microsoft Intune.
+4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
+
+  **Figure 11** - Assign Intune licenses
+
+  ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png)
+
+5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
+6. Select **Intune**. This will take you to the Intune management portal.
+
+  **Figure 12** - Microsoft Intune management portal
+
+  ![Microsoft Intune management portal](images/intune_portal_home.png)
+
+Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Windows Store for Business for app distribution](#17-configure-windows-store-for-business-for-app-distribution).
+
+### 1.4 Add Azure AD to your domain
+Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage apps across a global network of Microsoft-managed datacenters. In this walkthrough, we won't be using the full power of Azure and we'll primarily use it to create groups that we then use for provisioning through Intune. 
+
+**To add Azure AD to your domain**
+
+1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">Office 365 admin center</a>, select **Admin centers > Azure AD**.
+
+  > [!NOTE]
+  > You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
+
+2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription.
+
+  **Figure 13** - Access to Azure AD is not available
+
+  ![Access to Azure AD not available](images/azure_ad_access_not_available.png)
+
+3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365.
+4. Click **Azure subscription**. This will take you to a free trial sign up screen.
+
+  **Figure 14** - Sign up for Microsoft Azure
+
+  ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png)
+
+5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
+6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
+
+  **Figure 15** - Start managing your Azure subscription
+
+  ![Start managing your Azure subscription](images/azure_ad_successful_signup.png)
+
+  This will take you to the <a href="https://portal.azure.com" target="_blank">Microsoft Azure portal</a>.
+
+### 1.5 Add groups in Azure AD
+This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-manage-groups" target="_blank">Managing access to resources with Azure Active Directory groups</a>.
+
+To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal (https://manage.windowsazure.com)</a>. See <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-manage-groups" target="_blank">Managing groups in Azure Active Directory</a> for more information about managing groups.
+
+**To add groups in Azure AD**
+
+1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, you will see a screen informing you that your directory is ready for use.
+
+  Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
+
+  **Figure 16** - Azure first sign-in screen
+
+  ![Select Azure AD](images/azure_portal_classic_configure_directory.png)
+
+2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
+
+  **Figure 17** - Directory home page
+
+  ![Directory home page](images/azure_portal_classic_directory_ready.png)
+
+3. From the menu options on top, select **Groups**.
+
+  **Figure 18** - Azure AD groups
+
+  ![Add groups in Azure AD](images/azure_portal_classic_groups.png)
+
+4. Select **Add a group** (from the top) or **Add group** at the bottom.
+5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
+
+  **Figure 19** - Newly added group in Azure AD
+
+  ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png)
+
+6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
+
+  The members that were added to the group will appear on the list.
+
+  **Figure 20** - Members in the new group
+
+  ![Members added to the new group](images/azure_portal_classic_members_added.png)
+
+7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
+
+### 1.6 Configure automatic MDM enrollment with Intune
+Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in.
+
+You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/" target="_blank">this blog post</a> to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
+
+> [!IMPORTANT]  
+> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
+
+**To enable automatic MDM enrollment**
+
+1. In to the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. 
+
+  The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
+
+  **Figure 21** - List of applications for your company
+
+  ![List of applications for your company](images/azure_portal_classic_applications.png)
+
+2. Select **Microsoft Intune** to configure the application.
+3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
+
+  **Figure 22** - Configure Microsoft Intune in Azure
+
+  ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png)
+
+4. In the Microsoft Intune configuration page:
+  - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
+
+    > [!NOTE]  
+    > The URLs are automatically configured for your Azure AD tenant so you don't need to change them.
+
+  - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune.
+    - **All** will enable all users' Windows 10 devices to be managed by Intune.
+    - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune.
+
+    > [!NOTE]  
+    > In this step, choose the group that contains all the users in your organization as members. This is the **All** group.
+
+5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune.
+
+  **Figure 23** - Configure Microsoft Intune
+
+  ![Configure automatic MDM enrollment with Intune](images/azure_portal_classic_configure_intune_mdm_enrollment.png)
+
+### 1.7 Configure Windows Store for Business for app distribution
+Next, you'll need to configure Windows Store for Business to distribute apps with a management tool such as Intune.
+
+In this part of the walkthrough, we'll be working on the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a> and <a href="https://businessstore.microsoft.com/en-us/Store/Apps" target="_blank">Windows Store for Business</a>.
+
+**To associate your Store account with Intune and configure synchronization**
+
+1. From the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a>, select **Admin**.
+2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first tiem you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
+
+  **Figure 24** - Mobile device management
+
+  ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png)
+
+3. Sign into <a href="https://businessstore.microsoft.com/en-us/Store/Apps" target="_blank">Windows Store for Business</a> using the same tenant account that you used to sign into Intune.
+4. Accept the EULA.
+5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
+6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Windows Store for Business.
+
+  **Figure 25** - Activate Intune as the Store management tool
+
+  ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png)
+
+7. Go back to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
+8. In the **Windows Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
+
+  **Figure 26** - Configure Store for Business sync in Intune
+
+  ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png)
+
+9. In the **Configure Windows Store for Business app sync** dialog box, check **Enable Windows Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
+
+  **Figure 27** - Enable Windows Store for Business sync in Intune
+
+  ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png)
+
+  The **Windows Store for Business** page will refresh and it will show the details from the sync.
+
+**To buy apps from the Store**
+
+In your <a href="https://businessstore.microsoft.com/en-us/Store/Apps" target="_blank">Windows Store for Business</a> portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
+- Sway
+- OneNote
+- PowerPoint Mobile
+- Excel Mobile
+- Word Mobile
+
+In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
+
+In the following example, we'll show you how to buy apps through the Windows Store for Business and then make sure the apps appear on Intune.
+
+**Example 1 - Add other apps like Reader and InstaNote**
+
+1. In the <a href="https://businessstore.microsoft.com/en-us/Store/Apps" target="_blank">Windows Store for Business</a> portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
+
+  **Figure 28** - Shop for Store apps
+
+  ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png)
+
+2. Click to select an app, such as **Reader**. This opens the app page.
+3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
+4. In the app's Store page, click **Add to private store**.
+5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app.
+6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory.
+
+  **Figure 29** - App inventory shows the purchased apps
+
+  ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png)
+
+  > [!NOTE]
+  > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
+
+**<a name="forceappsync"></a>To sync recently purchased apps**
+
+If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
+
+1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management > Windows > Store for Business**.
+2. In the **Windows Store for Business** page, click **Sync now** to force a sync.
+
+  **Figure 30** - Force a sync in Intune
+
+  ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png)
+
+**To view purchased apps**
+- In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
+
+**To add more apps**
+- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see <a href="https://docs.microsoft.com/en-us/intune/deploy-use/add-apps-for-mobile-devices-in-microsoft-intune" target="_blank">Add apps for enrolled devices to Intune</a> for more info on how to do this.
+
+## 2. Set up devices
+
+### 2.1 Set up new devices
+To set up new Windows devices, go through the Windows initial device setup or first-run experience to configure your device.
+
+**<a name="usewindowsoobe"></a>To set up a device**
+1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you:
+  - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone
+  - Accept the EULA
+  - Customize the setup or use Express settings
+
+  **Figure 31** - First screen in Windows device setup
+
+  ![First screen in Windows device setup](images/win10_hithere.png)
+
+  > [!NOTE]  
+  > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
+
+2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**.
+3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**.
+
+  **Figure 32** - Choose how you'll connect your Windows device
+
+  ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png)
+
+4. In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
+
+  **Figure 33** - Sign in using one of the accounts you added
+
+  ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png)
+
+5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
+
+  Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled.
+
+### 2.2 Verify correct device setup
+Verify that the device is set up correctly and boots without any issues.
+
+**To verify that the device was set up correctly**
+1. Click on the **Start** menu and select some of the options to make sure everything launches properly.
+2. Confirm that the Store and built-in apps are working.
+
+### 2.3 Verify the device is Azure AD joined
+In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
+
+**To verify if the device is joined to Azure AD**
+1. Check the device name on your PC. To do this, on your Windows PC, select **Settings > System > About** and then check **PC name**.
+
+  **Figure 34** - Check the PC name on your device
+
+  ![Check the PC name on your device](images/win10_settings_pcname.png)
+  
+2. Log in to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>.
+3. Select **Groups** and then go to **Devices**.
+4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. 
+  - Check that the device name appears in the list. Select the device and it will also show the user that's currently logged in in the **General Information** section.
+  - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**.
+  - Check the **AAD Registered** column and confirm that it says **Yes**.
+
+  **Figure 35** - Check that the device appears in Intune
+
+  ![Check that the device appears in Intune](images/intune_groups_devices_list.png)
+
+## 3. Manage device settings and features
+You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
+
+In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup.
+
+### 3.1 Reconfigure app deployment settings
+In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
+
+**To reconfigure app deployment settings**
+1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps** and go to **Apps > Volume-Purchased Apps**.
+2. Select the app, right-click, then select **Manage Deployment...**.
+3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
+4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
+5. For each group that you selected, set **Approval** to **Required Install**. This automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**.
+
+  **Figure 36** - Reconfigure an app's deployment setting in Intune
+
+  ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png)
+
+6. Click **Finish**.
+7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
+6. Verify that the app shows up on the device. To do this:
+  - Make sure you're logged in to the Windows device.
+  - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section.
+
+    **Figure 37** - Confirm that additional apps were deployed to the device
+
+    ![Confirm that additiional apps were deployed to the device](images/win10_deploy_apps_immediately.png)
+
+### 3.2 Configure other settings in Intune
+
+**To disable the camera**
+1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Policy > Configuration Policies**.
+2. In the **Policies** window, click **Add** to create a new policy.
+3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
+4. On the **Create Policy** page, select **Device Capabilities**.
+5. In the **General** section, add a name and description for this policy. For example:
+  - **Name**: Test Policy - Disable Camera
+  - **Description**: Disables the camera
+6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list.
+
+  **Figure 38** - Add a configuration policy
+
+  ![Add a configuration policy](images/intune_policy_disablecamera.png)
+
+7. Click **Save Policy**. A confirmation window will pop up.
+8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
+9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**. 
+10. Click **OK** to close the window. 
+
+  **Figure 39** - The new policy should appear in the **Policies** list.
+
+  ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png)
+
+**To turn off Windows Hello and PINs during device setup**
+1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin**.
+2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
+3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
+
+  **Figure 40** - Policy to disable Windows Hello for Business
+
+  ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png)
+
+4. Click **Save**.
+
+  > [!NOTE]
+  > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant.
+
+To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users. 
+
+## 4. Add more devices and users
+After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more devices or users and you want the same policies to apply to these new devices and users. In this section, we'll show you how to do this.
+
+### 4.1 Connect other devices to your cloud infrastructure
+Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [2. Set up devices](#2-set-up-devices). 
+
+For other devices, such as those personally-owned by employees who need to connect to the corporate network to access corporate resources (BYOD), you can follow the steps in this section to get these devices connected.
+
+  > [!NOTE]
+  > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
+
+**To connect a personal device to your work or school**
+1. On your Windows device, go to **Settings > Accounts**.
+2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
+3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device.
+
+  **Figure 41** - Add an Azure AD account to the device
+
+  ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png)
+
+4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
+
+  **Figure 42** - Enter the account details
+
+  ![Enter the account details](images/win10_add_new_user_account_aadwork.png)
+
+5. You will be asked to update the password so enter a new password.
+6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
+
+  **Figure 43** - Make sure this is your organization
+
+  ![Make sure this is your organization](images/win10_confirm_organization_details.png)
+
+7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
+
+  **Figure 44** - Confirmation that the device is now connected
+
+  ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png)
+
+8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
+
+  **Figure 45** - Device is now enrolled in Azure AD
+
+  ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png)
+
+9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
+
+### 4.2 Add a new user
+You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
+
+See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and verify that the same users were added to the Intune groups as well.
+
+## Get more info
+
+### For IT admins
+To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
+- <a href="https://support.office.com/en-us/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a>
+- Common admin tasks in Office 365 including email and OneDrive in <a href="https://support.office.com/en-us/article/Common-management-tasks-for-Office-365-46c667f7-5073-47b9-a75f-05a60cf77d91" target="_blank">Manage Office 365</a>
+- More info about managing devices, apps, data, troubleshooting, and more in <a href="https://docs.microsoft.com/en-us/intune/" target="_blank">Intune documentation</a>
+- Learn more about Windows 10 in <a href="http://technet.microsoft.com/windows/windows10.aspx" target="_blank">Windows 10 guide for IT pros</a>
+- Info about distributing apps to your employees, managing apps, managing settings, and more in <a href="https://technet.microsoft.com/en-us/itpro/windows/manage/windows-store-for-business" target="_blank">Windows Store for Business</a>
+
+### For information workers
+Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
+- <a href="https://support.office.com/" target="_blank">Office help and training</a>
+- <a href="https://support.microsoft.com/en-us/products/windows?os=windows-10" target="_blank">Windows 10 help</a>
+
+## Related topics
+
+- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)

smb/index.md

@@ -1,4 +1,45 @@
 ---
-title: SMB placeholder
+title: Windows 10 for small to midsize businesses
-description: SMB placeholder
+description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business.
+keywords: Windows 10, SMB, small business, midsize business, business
+ms.prod: w10
+ms.technology: smb-windows
+ms.topic: article
+ms.author: celested
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: smb
+author: CelesteDG
 ---
+
+![Windows 10 for SMB](images/smb_portal_banner.png)
+
+# Windows 10 for SMB
+<link rel="stylesheet" href="https://az835927.vo.msecnd.net/sites/uwp/Resources/css/custom.css">
+
+## ![Learn more about Windows and other resources for SMBs](images/learn.png) Learn
+
+<div class="side-by-side"> <div class="side-by-side-content">
+<div class="side-by-side-content-left">
+<p><b><a href="https://business.microsoft.com/en-us/products/windows" target="_blank">Windows 10 for business</a></b><br />Learn how Windows 10 and Windows devices can help your business.</p>
+<p><b><a href="https://blogs.business.microsoft.com/" target="_blank">SMB blog</a></b><br />Read about the latest stories, technology insights, and business strategies for SMBs.</p>
+</div>
+<div class="side-by-side-content-right">
+<p><b><a href="https://business.microsoft.com/en-us/products" target="_blank">How to buy</a></b><br />Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.</p>
+</div>
+</div>
+
+## ![Deploy a Microsoft solution for your business](images/deploy.png) Deploy
+
+<div class="side-by-side"> <div class="side-by-side-content">
+<div class="side-by-side-content-left">
+<p><b>[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)</b><br />Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.</p>
+</div>
+<div class="side-by-side-content-right">
+<p></p>
+</div>
+</div>
+
+ ## Related topics
+
+- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)

windows/configure/provisioning-multivariant.md

@@ -1,6 +1,6 @@
 ---
 title: Create a provisioning package with multivariant settings (Windows 10)
-description: Create a provisioning package with multivariant settings to customize the provisioned settings.
+description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,37 +16,31 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
-Multivariant provisioning packages enable you to create a single provisioning package that can work for multiple locales.
 
-To provision multivariant settings, you must create a provisioning package with defined **Conditions** and **Settings** that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. 
 
-The following events trigger provisioning on Windows 10 devices:
+To provision multivariant settings, you use Windows Imaging and Configuration Designer (ICD) to create a provisioning package that contains all of the customization settings that you want to apply to any of your devices. Next, you manually edit the .XML file for that project to define each set of devices (a **Target**). For each **Target**, you specify at least one **Condition** with a value, which identifies the devices to receive the configuration. Finally, for each **Target**, you provide the customization settings to be applied to those devices.
 
-| Event | Windows 10 Mobile | Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) |
+Let's begin by learning how to define a **Target**.
-| --- | --- | --- |
-| System boot | Supported | Supported |
-| Operating system update | Supported | Planned |
-| Package installation during device first run experience | Supported | Supported |
-| Detection of SIM presence or update | Supported | Not supported |
-| Package installation at runtime | Supported | Supported |
-| Roaming detected | Supported | Not supported |
 
-## Target, TargetState, Condition, and priorities
 
-Targets describe keying for a variant and must be described or pre-declared before being referenced by the variant.
+## Define a target
 
-- You can define multiple **Target** child elements for each **Id** that you need for the customization setting.
+In the XML file, you provide an **Id**, or friendly name, for each **Target**. Each **Target** is defined by at least one **TargetState** which contains at least one **Condition**. A **Condition** element defines the matching type between the condition and the specified value.
 
-- Within a **Target** you can define multiple **TargetState** elements.
+A **Target** can have more than one **TargetState**, and a **TargetState** can have more than one **Condition**. 
 
-- Within a **TargetState** element you can create multiple **Condition** elements.
+![Target with multiple target states and conditions](images/multi-target.png)
 
-- A **Condition** element defines the matching type between the condition and the specified value.
+The following table describes the logic for the target definition.
 
-The following table shows the conditions supported in Windows 10 provisioning:
+<table><tr><td>When all **Condition** elements are TRUE, **TargetState** is TRUE.</td><td>![Target state is true when all conditions are true](images/icd-multi-targetstate-true.png)</td></tr>
+<tr><td>If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **Id** can be used for setting customizations.</td><td>![Target is true if any target state is true](images/icd-multi-target-true.png)</td></tr></table>
+
+### Conditions
+
+The following table shows the conditions supported in Windows 10 provisioning for a **TargetState**:
 
->[!NOTE]
->You can use any of these supported conditions when defining your **TargetState**.
 
 | Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
 | --- | --- | --- | --- | --- | --- |
@@ -57,54 +51,47 @@ The following table shows the conditions supported in Windows 10 provisioning:
 | GID1 | P0 | Supported | N/A | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
 | ICCID | P0 | Supported | N/A | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
 | Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
-| UICC | P0 | Supported | N/A | Enumeration | Use to specify the UICC state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
+| UICC | P0 | Supported | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
 | UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
 | ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. |
 | ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. |
-| AoAc | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
+| AoAc ("Always On, Always Connected") | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
-| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the POWER_PLATFORM_ROLE enumeration. |
+| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](https://msdn.microsoft.com/library/windows/desktop/aa373174.aspx).  |
 | Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
-| Server | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
+| Server | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
-| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region. |
+| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
-| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code. |
+| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639).  |
-| ROMLANG | P1 | Supported | N/A | Digit string | Use to specify the PhoneROMLanguage that's set for DeviceTargeting. This condition is used primarily to detect variants for China. For example, you can use this condition and set the value to "0804". |
+
 
 The matching types supported in Windows 10 are:
 
 | Matching type | Syntax | Example |
 | --- | --- | --- |
 | Straight match | Matching type is specified as-is | &lt;Condition Name="ProcessorName" Value="Barton" /&gt; |
-| Regex match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
+| Regular expression (Regex) match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
 | Numeric range match | Matching type is prefixed by "!Range:" | &lt;Condition Name="MNC" Value="!Range:400, 550" /&gt; |
  
 
-- When all **Condition** elements are TRUE, **TargetState** is TRUE (**AND** logic).
+### TargetState priorities
 
-- If any of the **TargetState** elements is TRUE, **Target** is TRUE (**OR** logic), and **Id** can be used for the setting customization.
+You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. 
 
+A setting that matches a **TargetState** with a lower priority is applied before the setting that matches a **TargetState** with a higher priority. This means that a setting for the **TargetState** with the higher priority can overwrite a setting for the **TargetState** with the lower priority.
 
-You can define more than one **TargetState** within a provisioning package to apply variant settings that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the variant settings are applied, the system assigns a priority to every **TargetState**. 
+Settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
 
-A variant setting that matches a **TargetState** with a lower priority is applied before the variant that matches a **TargetState** with a higher priority. Variant settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
+The **TargetState** priority is assigned based on the condition's priority (see the [Conditions table](#conditions) for priorities). The priority evaluation rules are as followed:
 
-The **TargetState** priority is assigned based on the conditions priority and the priority evaluation rules are as followed:
+1. A **TargetState** with P0 conditions is higher than a **TargetState** without P0 conditions.
 
-1. **TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
+2. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions.
 
+2. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched.
 
-2. **TargetState** with P1 conditions is higher than **TargetState** without P0 and P1 conditions.
+2. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
 
+3. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority.
 
-3. If N₁>N₂>0, the **TargetState** priority with N₁ P0 conditions is higher than the **TargetState** with N₂ P1 conditions.
-
-
-4. For **TargetState** without P0 conditions, if N₁>N₂>0 **TargetState** with N₁ P1 conditions is higher than the **TargetState** with N₂ P1 conditions.
-
-
-5. For **TargetState** without P0 and P1 conditions, if N₁>N₂>0 **TargetState** priority with N₁ P2 conditions is higher than the **TargetState** with N₂ P2 conditions.
-
-
-6. For rules 3, 4, and 5, if N₁=N₂, **TargetState** priorities are considered equal.
 
 
 ## Create a provisioning package with multivariant settings
@@ -112,17 +99,15 @@ The **TargetState** priority is assigned based on the conditions priority and th
 Follow these steps to create a provisioning package with multivariant capabilities.
 
 
-1. Build a provisioning package and configure the customizations you need to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
+1. Build a provisioning package and configure the customizations you want to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
-
 
 2. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
 
-
+3. Open the project folder and copy the customizations.xml file to any local location. 
-3. Open the project folder and copy the customizations.xml file. 
 
 4. Use an XML or text editor to open the customizations.xml file.
 
-    The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The Customizations node contains a Common section, which contains the customization settings.
+    The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The **Customizations** node of the file contains a **Common** section, which contains the customization settings.
 
     The following example shows the contents of a sample customizations.xml file.
 
@@ -153,7 +138,7 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 </WindowsCustomizatons> 
     ```
 
-4. Edit the customizations.xml file and create a **Targets** section to describe the conditions that will handle your multivariant settings. 
+4. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. 
 
     The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
     
@@ -210,10 +195,10 @@ Follow these steps to create a provisioning package with multivariant capabiliti
 
     c. Move compliant settings from the **Common** section to the **Variant** section.
 
-    If any of the TargetRef elements matches the Target, all settings in the Variant are applied (OR logic).
+    If any of the **TargetRef** elements matches the **Target**, all settings in the **Variant** are applied.
 
     >[!NOTE]
-    >You can define multiple Variant sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
+    >You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
 
     The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
 
@@ -289,7 +274,20 @@ In this example, the **StoreFile** corresponds to the location of the settings s
 
  
 
+## Events that trigger provisioning
 
+When you install the multivariant provisioning package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+
+The following events trigger provisioning on Windows 10 devices:
+
+| Event | Windows 10 Mobile | Windows 10 for desktop editions |
+| --- | --- | --- |
+| System boot | Supported | Supported |
+| Operating system update | Supported | Planned |
+| Package installation during device first run experience | Supported | Supported |
+| Detection of SIM presence or update | Supported | Supported |
+| Package installation at runtime | Supported | Supported |
+| Roaming detected | Supported | Not supported |
  
 
  

windows/deploy/TOC.md

@@ -1,18 +1,18 @@
 # [Deploy Windows 10](index.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-## [Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md)
+## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md)
-### [Upgrade Analytics architecture](upgrade-analytics-architecture.md)
+### [Upgrade Readiness architecture](upgrade-readiness-architecture.md)
-### [Upgrade Analytics requirements](upgrade-analytics-requirements.md)
+### [Upgrade Readiness requirements](upgrade-readiness-requirements.md)
-### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
+### [Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
-### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
+### [Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
-#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md)
+#### [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md)
-### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
+### [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
-#### [Upgrade overview](upgrade-analytics-upgrade-overview.md)
+#### [Upgrade overview](upgrade-readiness-upgrade-overview.md)
-#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md)
+#### [Step 1: Identify apps](upgrade-readiness-identify-apps.md)
-#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md)
+#### [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md)
-#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md)
+#### [Step 3: Deploy Windows](upgrade-readiness-deploy-windows.md)
-#### [Additional insights](upgrade-analytics-additional-insights.md)
+#### [Additional insights](upgrade-readiness-additional-insights.md)
-### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
+### [Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)
 ## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
 ### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
 ### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
@@ -51,6 +51,7 @@
 ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
 ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md)
+## [Convert MBR partition to GPT](mbr-to-gpt.md)
 ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
 ## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
 ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)

windows/deploy/change-history-for-deploy-windows-10.md

@@ -12,12 +12,17 @@ author: greg-lindsay
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
 ## RELEASE: Windows 10, version 1703
-
 The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The provisioning topics have been moved to [Configure Windows 10](../configure/index.md).
 
+## March 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Convert MBR partition to GPT](mbr-to-gpt.md) | New | 
+
 ## February 2017
 | New or changed topic | Description |
 |----------------------|-------------|
+| [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. | 
 | [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes | 
 | [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content | 
 | [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started |