Merge branch 'main' into v-tappelgate-CI-164475

.openpublishing.redirection.json

@@ -19574,6 +19574,21 @@
       "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
       "redirect_document_id": false
+     },
+     {
+      "source_path": "smb/cloud-mode-business-setup.md",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
+      "redirect_document_id": false
+     },
+     {
+      "source_path": "smb/index.md",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
+      "redirect_document_id": false
+     },
+     {
+      "source_path": "windows/whats-new/contribute-to-a-topic.md",
+      "redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation",
+      "redirect_document_id": false
      }
   ]
 }

bcs/TOC.yml

@@ -1,2 +0,0 @@
-- name: Index
-  href: index.md

bcs/breadcrumb/toc.yml

@@ -1,3 +0,0 @@
-- name: Docs
-  tocHref: /
-  topicHref: /

education/windows/TOC.yml

@@ -65,6 +65,8 @@
       href: s-mode-switch-to-edu.md
     - name: Change to Windows 10 Pro Education from Windows 10 Pro
       href: change-to-pro-education.md
+    - name: Upgrade Windows Home to Windows Education on student-owned devices
+      href: change-home-to-edu.md
     - name: Chromebook migration guide
       href: chromebook-migration-guide.md
     - name: Change history for Windows 10 for Education

education/windows/change-home-to-edu.md

@@ -0,0 +1,229 @@
+---
+title: Upgrade Windows Home to Windows Education on student-owned devices
+description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions.
+ms.date: 07/05/2021
+ms.prod: windows
+ms.technology: windows
+ms.topic: how-to
+ms.localizationpriority: medium
+author: scottbreenmsft
+ms.author: scbree
+ms.reviewer: paoloma
+manager: jeffbu
+ms.collection: highpri
+---
+
+# Upgrade Windows Home to Windows Education on student-owned devices
+
+## Overview
+
+Customers with qualifying subscriptions can upgrade student-owned and institution-owned devices from *Windows Home* to *Windows Education*, which is designed for both the classroom and remote learning. 
+
+> [!NOTE]
+> To be qualified for this process, customers must have a Windows Education subscription that includes the student use benefit and must have access to the Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center.
+
+IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). Alternatively, IT admins can set up a portal through [Kivuto OnTheHub](http://onthehub.com) where students can request a *Windows Pro Education* product key. The table below provides the recommended method depending on the scenario.
+
+| Method | Product key source | Device ownership | Best for |
+|-|-|-|-|
+| MDM | VLSC | Personal (student-owned) | IT admin initiated via MDM |
+| Kivuto | Kivuto | Personal (student-owned) | Initiated on device by student, parent or guardian |
+| Provisioning package | VLSC | Personal (student-owned) or Corporate (institution-owned) | IT admin initiated at first boot |
+
+These methods apply to devices with *Windows Home* installed; institution-owned devices can be upgraded from *Windows Professional* or *Windows Pro Edu* to *Windows Education* or *Windows Enterprise* using [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation).
+
+## User Notifications
+
+Users aren't notified their device has been or will be upgraded to Windows Education when using MDM. It's the responsibility of the institution to notify their users. Institutions should notify their users that MDM will initiate an upgrade to Windows Education and this upgrade will give the institution extra capabilities, such as installing applications.
+
+Device users can disconnect from MDM in the Settings app, to prevent further actions from being taken on their personal device. For instructions on disconnecting from MDM, see [Remove your Windows device from management](/mem/intune/user-help/unenroll-your-device-from-intune-windows).
+
+## Why upgrade student-owned devices from Windows Home to Windows Education?
+
+Some school institutions want to streamline student onboarding for student-owned devices using MDM. Typical MDM requirements include installing certificates, configuring WiFi profiles and installing applications. On Windows, MDM uses Configuration Service Providers (CSPs) to configure settings. Some CSPs aren't available on Windows Home, which can limit the capabilities. Some of the CSPs not available in Windows Home that can affect typical student onboarding are:
+
+- [EnterpriseDesktopAppManagement](/windows/client-management/mdm/enterprisemodernappmanagement-csp) - which enables deployment of Windows installer or Win32 applications.
+- [DeliveryOptimization](/windows/client-management/mdm/policy-csp-deliveryoptimization) - which enables configuration of Delivery Optimization.
+
+A full list of CSPs are available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows).
+
+## Requirements for using a MAK to upgrade from Windows Home to Windows Education
+
+- Access to Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center.
+- A qualifying Windows subscription such as:
+  - Windows A3, or;
+  - Windows A5.
+- A pre-installed and activated instance of Windows 10 Home or Windows 11 Home.
+
+You can find more information in the [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/productoffering).
+
+## How the upgrade process works
+
+IT admins with access to the VLSC or the Microsoft 365 Admin Center, can find their MAK for Windows Education and trigger an upgrade using Mobile Device Management or manually on devices.
+
+> [!WARNING]
+> The MAK is highly sensitive and should always be protected. Only authorized staff should be given access to the key and it should never be distributed to students or broadly to your organization in documentation or emails.
+
+### Recommended methods for using a MAK
+
+It's critical that MAKs are protected whenever they're used. The following processes provide the best protection for a MAK being applied to a device:
+
+- Provisioning package by institution approved staff;
+- Manual entry by institution approved staff (don't distribute the key via email);
+- Mobile Device Management (like Microsoft Intune) via [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp);
+    > [!IMPORTANT]
+    > If you are using a Mobile Device Management product other than Microsoft Intune, ensure the key isn't accessible by students.
+- Operating System Deployment processes with tools such as Microsoft Deployment Toolkit or Microsoft Endpoint Configuration Manager.
+
+For a full list of methods to perform a Windows edition upgrade and more details, see [Windows 10 edition upgrade](/windows/deployment/upgrade/windows-10-edition-upgrades).
+
+## Downgrading, resetting, reinstalling and graduation rights
+
+After upgrading from *Windows Home* to *Windows Education* there are some considerations for what happens during downgrade, reset or reinstall of the operating system.
+
+The table below highlights the differences by upgrade product key type:
+
+| Product Key Type | Downgrade (in-place) | Reset | Student reinstall |
+|-|-|-|-|
+| VLSC | No | Yes | No |
+| Kivuto OnTheHub | No | Yes | Yes |
+
+### Downgrade
+
+It isn't possible to downgrade to *Windows Home* from *Windows Education* without reinstalling Windows.
+
+### Reset
+
+If the computer is reset, Windows Education will be retained. 
+
+### Reinstall
+
+The Education upgrade doesn't apply to reinstalling Windows. Use the original Windows edition when reinstalling Windows. The original product key or [firmware-embedded product key](#what-is-a-firmware-embedded-activation-key) will be used to activate Windows.
+
+If students require a *Windows Pro Education* key that can work on a new install of Windows, they should use [Kivuto OnTheHub](http://onthehub.com) to request a key prior to graduation.
+
+For details on product keys and reinstalling Windows, see [Find your Windows product key](https://support.microsoft.com/windows/find-your-windows-product-key-aaa2bf69-7b2b-9f13-f581-a806abf0a886).
+
+### Resale
+
+The license will remain installed on the device if resold and the same conditions above apply for downgrade, reset or reinstall.
+
+## Step by step process for customers to upgrade student-owned devices using Microsoft Intune
+
+These steps provide instructions on how to use Microsoft Intune to upgrade devices from Home to Education. 
+
+### Step 1: Create a Windows Home edition filter
+
+These steps configure a filter that will only apply to devices running the *Windows Home edition*. This filter will ensure only devices running *Windows Home edition* are upgraded. For more information about filters, see [Create filters in Microsoft Intune](/mem/intune/fundamentals/filters).
+
+- Start in the [**Microsoft Endpoint Manager admin console**](https://endpoint.microsoft.com)
+- Select **Tenant administration** > **Filters**
+- Select **Create**
+  - Specify a name for the filter (for example *Windows Home edition*)
+  - Select the **platform** as **Windows 10 and later**
+  - Select **Next**
+- On the **Rules** screen, configure the following rules:
+  - **operatingSystemSKU** equals **Core (Windows 10/11 Home (101))**
+    - OR
+  - **operatingSystemSKU** equals **CoreN (Windows 10/11 Home N (98))**
+    - OR
+  - **operatingSystemSKU** equals **CoreSingleLanguage (Windows 10/11 Home single language (100))**
+
+    > [!NOTE]
+    > Ensure you've selected OR as the operator in the right And/Or column
+    
+    :::image type="content" source="images/change-home-to-edu-windows-home-edition-intune-filter.png" alt-text="Example of configuring the Windows Home filter":::
+
+- Optionally select scope tags as required
+- Save the filter by selecting **Create**
+
+### Step 2: Create a Windows edition upgrade policy
+
+These steps create and assign a Windows edition upgrade policy. For more information, see [Windows 10/11 device settings to upgrade editions or enable S mode in Intune](/mem/intune/configuration/edition-upgrade-windows-settings).
+
+- Start in the [**Microsoft Endpoint Manager admin console**](https://endpoint.microsoft.com)
+- Select **Devices** > **Configuration profiles**
+- Select **Create profile**
+  - Select the **Platform** as **Windows 10 or later**
+  - Select the **Profile type** as **Templates**
+  - Select the **Template** as **Edition upgrade and mode switch**
+  - Select **Create**
+- Specify a name for the policy (for example *Windows Education edition upgrade*), select **Next**
+- On the **Configuration settings** screen
+  - Expand **Edition Upgrade**
+  - Change **Edition to upgrade** to **Windows 10/11 Education**
+  - In the **Product Key**, enter your *Windows 10/11 Education MAK*
+  - Select **Next**
+  
+    :::image type="content" source="images/change-home-to-edu-windows-edition-upgrade-policy.png" alt-text="Example of configuring the Windows upgrade policy in Microsoft Intune":::
+
+- Optionally select scope tags as required and select **Next**
+- On the **assignments** screen;
+  - Select **Add all devices**
+  - Next to **All devices**, select **Edit filter**
+  
+      > [!NOTE]
+      > You can also target other security groups that contain a smaller scope of users or devices and apply the filter rather than All devices.
+
+  - Select to **Include filtered devices in assignment**
+  - Select the *Windows Home edition* filter you created earlier
+  - Choose **Select** to save the filter selection
+  - Select **Next** to progress to the next screen
+- Don't configure any applicability rules and select **next**
+- Review your settings and select **Create**
+
+The edition upgrade policy will now apply to all existing and new Windows Home edition devices targeted.
+
+### Step 3: Report on device edition
+
+You can check the Windows versions of managed devices in the Microsoft Endpoint Manager admin console.
+
+- Start in the **Microsoft Endpoint Manager admin console**
+- Select **Devices** > **Windows**
+- Select the **Columns** button
+- Select **Sku Family**
+- Select **Export**
+- Select **Only include the selected columns in the exported file** and select **Yes**
+- Open the file in Excel and filter on the Sku Family column to identify which devices are running the Home SKU
+
+## Frequently asked questions (FAQ)
+
+### My MAK key has run out of activations, how do I request a new one?
+
+Increases to MAK Activation quantity can be requested by contacting [VLSC support](/licensing/contact-us) and may be granted by exception. A request can be made by accounts with the VLSC Administrator, Key Administrator, or Key Viewer permissions. The request should include the following information:
+
+- Agreement/Enrollment Number or License ID and Authorization.
+- Product Name (includes version and edition).
+- Last five characters of the product key.
+- The number of host activations required.
+- Business Justification or Reason for Deployment.
+
+### What is a firmware-embedded activation key?
+
+A firmware-embedded activation key is a Windows product key that is installed into the firmware of your device. The embedded key makes it easier to install and activate Windows. To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt:
+
+```powershell
+(Get-CimInstance -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
+```
+
+If the device has a firmware-embedded activation key, it will be displayed in the output. Otherwise, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+
+A firmware embedded key is only required to upgrade using Subscription Activation, a MAK upgrade doesn't require the firmware embedded key.
+
+### What is a multiple activation key and how does it differ from using KMS, Active Directory based activation or Subscription Activation?
+
+A multiple activation key activates either individual computers or a group of computers by connecting directly to servers over the internet or by telephone. KMS, Active Directory based activation and subscription activation are bulk activation methods that work based on network proximity or joining to Active Directory or Azure Active Directory. The table below shows which methods can be used for each scenario.
+
+| Scenario | Ownership | MAK | KMS | AD based activation | Subscription Activation |
+|-|-|:-:|:-:|:-:|:-:|
+| **Workplace join (add work or school account)** | Personal (or student-owned) | X | | | |
+| **Azure AD Join** | Organization | X | X | | X |
+| **Hybrid Azure AD Join** | Organization | X | X | X | X |
+
+## Related links
+
+- [Windows 10 edition upgrade (Windows 10)](/windows/deployment/upgrade/windows-10-edition-upgrades)
+- [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation)
+- [Equip Your Students with Windows 11 Education - Kivuto](https://kivuto.com/windows-11-student-use-benefit/)
+- [Upgrade Windows Home to Windows Pro (microsoft.com)](https://support.microsoft.com/windows/upgrade-windows-home-to-windows-pro-ef34d520-e73f-3198-c525-d1a218cc2818)
+- [Partner Center: Upgrade Education customers from Windows 10 Home to Windows 10 Education](/partner-center/upgrade-windows-to-education)

education/windows/set-up-school-pcs-whats-new.md

@@ -17,6 +17,14 @@ manager: dansimp
 # What's new in Set up School PCs
 Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases.   
 
+## Week of July 25, 2022
+
+### Reimage option for Windows 11 SE  
+Set up School PCs has added an option to reimage your Windows SE devices during the creation of a provisioning package. Previously, the process to reimage a device was specific to the OEM and required technical knowledge. The new reimaging feature in SUSPCs provides a unified way for all OEMs, using a simple and easy solution. Now you can plug in your USB stick with a Windows 11 SE image and a provisioning package on it, and your device will be reimaged before the provisioning package is installed on that device.  
+
+Note: If after you have reimaged the device, you notice there are missing drivers, the IT admin should manually add those drivers to the image. The SUSPC reimaging tool has been tested on Surface SE devices, but since there are a variety of SE devices, the SUSPC reimage tool has not been tested on all SE devices. Contact your OEM to learn more about the necessary drivers.  
+
+The option to reimage by getting the image from an OEM is still viable. 
 
 ## Week of August 24, 2020
 

education/windows/windows-11-se-overview.md

@@ -75,14 +75,13 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
 |NonVisual Desktop Access	            |2021.3.1	|Win32    |NV Access|
 |NWEA Secure Testing Browser	        |5.4.300.0	 |Win32   |NWEA|
 |Pearson TestNav	                    |1.10.2.0	|Store    |Pearson|
-|Questar Secure Browser	                |4.8.3.376	|Win32    |Questar|
+|Questar Secure Browser	                |4.8.3.376	|Win32    |Questar, Inc|
 |ReadAndWriteForWindows	                |12.0.60.0	 |Win32   |Texthelp Ltd.|
 |Remote Desktop client (MSRDC)          |1.2.3213.0 |Win32 |Microsoft| 
 |Remote Help	                        |3.8.0.12	 |Win32   |Microsoft|
 |Respondus Lockdown Browser         	|2.0.8.05	 |Win32   |Respondus|
 |Safe Exam Browser                   	|3.3.2.413	  |Win32  |Safe Exam Browser|
 |Secure Browser	                    |14.0.0	   |Win32     |Cambium Development|
-|Secure Browser	                        |4.8.3.376	  |Win32  |Questar, Inc|
 |Senso.Cloud	                    |2021.11.15.0 |Win32|Senso.Cloud|
 |SuperNova Magnifier & Screen Reader	|21.02	     |Win32   |Dolphin Computer Access|
 |Zoom	                                |5.9.1 (2581)|Win32	|Zoom|

gdpr/TOC.yml

@@ -1,2 +0,0 @@
-- name: Index
-  href: index.md

gdpr/index.md

@@ -1,4 +0,0 @@
----
-ms.date: 09/21/2017
----
-# placeholder

smb/TOC.yml

@@ -1,5 +0,0 @@
-- name: Windows 10 for SMB
-  href: index.md
-  items: 
-    - name: "Get started: Deploy and manage a full cloud IT solution for your business"
-      href: cloud-mode-business-setup.md

smb/breadcrumb/toc.yml

@@ -1,12 +0,0 @@
-items:
-- name: Docs
-  tocHref: /
-  topicHref: /
-  items:
-    - name: Windows
-      tocHref: /windows
-      topicHref: /windows/resources/
-      items:
-      - name: SMB
-        tocHref: /windows/smb
-        topicHref: /windows/smb/index

smb/cloud-mode-business-setup.md

@@ -1,590 +0,0 @@
----
-title: Deploy and manage a full cloud IT solution for your business
-description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices.
-keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365
-ms.prod: w10
-ms.technology:
-ms.author: eravena
-audience: itpro
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: smb
-author: eavena
-ms.reviewer: 
-manager: dansimp
-ms.localizationpriority: medium
-ms.topic: conceptual
----
-
-# Get started: Deploy and manage a full cloud IT solution for your business
-
-![Learn how to set up a full cloud infrastructure for your business.](images/business-cloud-mode.png)
-
-**Applies to:**
-
--   Microsoft 365 Business Standard, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
-
-Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
-
-In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Microsoft 365 Business Standard, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
-- Acquire a Microsoft 365 for business domain
-- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
-- Set up Microsoft Store for Business and manage app deployment and sync with Intune
-- Add users and groups in Azure AD and Intune
-- Create policies and app deployment rules
-- Log in as a user and start using your Windows device
-
-Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business.
-
-## Prerequisites
-
-Here's a few things to keep in mind before you get started:
-
-- You'll need a registered domain to successfully go through the walkthrough.
-  - If you already own a domain, you can add this during the Office 365 setup.
-  - If you don't already own a domain, you can purchase a domain from the Microsoft 365 admin center. This walkthrough includes the steps.
-- You'll need an email address to create your Office 365 tenant.
-- We recommend that you use Internet Explorer for the entire walkthrough. Right select on Internet Explorer > **Start InPrivate Browsing**.
-
-## 1. Set up your cloud infrastructure
-To set up a cloud infrastructure for your organization, follow the steps in this section.
-
-### 1.1 Set up Office 365 for business
-
-See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to:
-- Plan your setup
-- Create Office 365 accounts and how to add your domain.
-- Install Office
-
-To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365).
-
-If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started:
-
-1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**.
-
-   **Figure 1** - Try or buy Office 365
-
-   ![Office 365 for business sign up.](images/office365_tryorbuy_now.png)
-
-2. Fill out the sign up form and provide information about you and your company.
-3. Create a user ID and password to use to sign into your account.
-
-   This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal).
-
-4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
-5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
-
-   > [!NOTE]  
-   > In the Microsoft 365 admin center, icons that are greyed out are still installing.
-
-   **Figure 2** - Microsoft 365 admin center
-
-   :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png":::
-
-
-6. Select the **Admin** tile to go to the admin center.
-7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup.
-
-   This step can take up to a half hour to complete.
-  
-   **Figure 3** - Admin center
-
-   :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png":::
-
-
-8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain.
-   1. Select the **Domains** option.
-
-      **Figure 4** - Option to add or buy a domain
-
-      :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png":::
-    
-
-   2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`.
-
-      **Figure 5** - Microsoft-provided domain
-
-      :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png":::
-
-      - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
-      - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
-
-      Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain.
-
-      **Figure 6** - Domains
-
-      :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png":::
-
-### 1.2 Add users and assign product licenses
-Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
-
-When adding users, you can also assign admin privileges to certain users in your team. You'll also want to assign **Product licenses** to each user so that subscriptions can be assigned to the person.
-
-**To add users and assign product licenses**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**.
-
-   **Figure 7** - Add users
-
-   :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png":::
-
-2. In the **Home > Active users** page, add users individually or in bulk.
-   - To add users one at a time, select **+ Add a user**.
-
-     If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users).
-
-     **Figure 8** - Add an individual user
-
-     :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png":::
-
-   - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
-
-     The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users.
-
-     **Figure 9** - Import multiple users
-
-     :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png":::
-
-3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
-
-   **Figure 10** - List of active users
-
-   :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png":::
-
-### 1.3 Add Microsoft Intune
-Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune).
-
-**To add Microsoft Intune to your tenant**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**.
-2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
-3. Confirm your order to enable access to Microsoft Intune.
-4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
-
-   **Figure 11** - Assign Intune licenses
-
-   :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png":::
-
-5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
-6. Select **Intune**. This step opens the Endpoint Manager admin center.
-
-   **Figure 12** - Microsoft Intune management portal
-
-   :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png":::
-
-Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
-
-### 1.4 Add Azure AD to your domain
-Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage apps across a global network of Microsoft-managed datacenters. In this walkthrough, we won't be using the full power of Azure and we'll primarily use it to create groups that we then use for provisioning through Intune. 
-
-**To add Azure AD to your domain**
-
-1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**.
-
-   > [!NOTE]
-   > You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
-
-2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription.
-
-   **Figure 13** - Access to Azure AD is not available
-
-   :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png":::
-
-3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365.
-4. Select **Azure subscription**. This step will take you to a free trial sign up screen.
-
-   **Figure 14** - Sign up for Microsoft Azure
-
-   :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png":::
-
-5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
-6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
-
-   **Figure 15** - Start managing your Azure subscription
-
-   :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png":::
-
-   This step will take you to the [Microsoft Azure portal](https://portal.azure.com).
-
-### 1.5 Add groups in Azure AD
-This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups.
-
-To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups.
-
-**To add groups in Azure AD**
-
-1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use.
-
-   Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
-
-   **Figure 16** - Azure first sign-in screen
-
-   :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png":::
-
-2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
-
-   **Figure 17** - Directory home page
-
-   :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png":::
-
-3. From the menu options on top, select **Groups**.
-
-   **Figure 18** - Azure AD groups
-
-   :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png":::
-
-4. Select **Add a group** (from the top) or **Add group** at the bottom.
-5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
-
-   **Figure 19** - Newly added group in Azure AD
-
-   :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png":::
-
-6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
-
-   The members that were added to the group will appear on the list.
-
-   **Figure 20** - Members in the new group
-
-   :::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png":::
-
-7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
-
-### 1.6 Configure automatic MDM enrollment with Intune
-Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in.
-
-You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
-
-> [!IMPORTANT]
-> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
-
-**To enable automatic MDM enrollment**
-
-1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. 
-
-   The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
-
-   **Figure 21** - List of applications for your company
-
-   :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png":::
-
-2. Select **Microsoft Intune** to configure the application.
-3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
-
-   **Figure 22** - Configure Microsoft Intune in Azure
-
-   :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png":::
-
-4. In the Microsoft Intune configuration page:
-   - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
-
-     > [!NOTE]  
-     > The URLs are automatically configured for your Azure AD tenant so you don't need to change them.
-
-   - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune.
-     - **All** will enable all users' Windows 10 devices to be managed by Intune.
-     - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune.
-
-     > [!NOTE]  
-     > In this step, choose the group that contains all the users in your organization as members. This is the **All** group.
-
-5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune.
-
-   **Figure 23** - Configure Microsoft Intune
-
-   :::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png":::
-
-### 1.7 Configure Microsoft Store for Business for app distribution
-Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune.
-
-In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps).
-
-**To associate your Store account with Intune and configure synchronization**
-
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
-
-   **Figure 24** - Mobile device management
-
-   :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png":::
-
-3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune.
-4. Accept the EULA.
-5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
-6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business.
-
-   **Figure 25** - Activate Intune as the Store management tool
-
-   :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png":::
-
-7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
-8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
-
-   **Figure 26** - Configure Store for Business sync in Intune
-
-   :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png":::
-
-9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
-
-   **Figure 27** - Enable Microsoft Store for Business sync in Intune
-
-   :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png":::
-
-   The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
-
-**To buy apps from the Store**
-
-In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
-- Sway
-- OneNote
-- PowerPoint Mobile
-- Excel Mobile
-- Word Mobile
-
-In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
-
-In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune.
-
-**Example 1 - Add other apps like Reader and InstaNote**
-
-1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
-
-   **Figure 28** - Shop for Store apps
-
-   :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png":::
-
-2. Click to select an app, such as **Reader**. This opens the app page.
-3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
-4. In the app's Store page, click **Add to private store**.
-5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app.
-6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory.
-
-   **Figure 29** - App inventory shows the purchased apps
-
-   :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png":::
-
-   > [!NOTE]
-   > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
-
-**<a name="forceappsync"></a>To sync recently purchased apps**
-
-If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
-
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**.
-2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync.
-
-   **Figure 30** - Force a sync in Intune
-
-   :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png":::
-
-**To view purchased apps**
-- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
-
-**To add more apps**
-- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this.
-
-## 2. Set up devices
-
-### 2.1 Set up new devices
-To set up new Windows devices, go through the Windows initial device setup or first-run experience to configure your device.
-
-**<a name="usewindowsoobe"></a>To set up a device**
-1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you:
-   - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone
-   - Accept the EULA
-   - Customize the setup or use Express settings
-
-   **Figure 31** - First screen in Windows device setup
-
-   :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png":::
-
-   > [!NOTE]  
-   > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
-
-2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**.
-3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**.
-
-   **Figure 32** - Choose how you'll connect your Windows device
-
-   :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png":::
-
-4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
-
-   **Figure 33** - Sign in using one of the accounts you added
-
-   :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png":::
-
-5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
-
-   Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled.
-
-### 2.2 Verify correct device setup
-Verify that the device is set up correctly and boots without any issues.
-
-**To verify that the device was set up correctly**
-1. Click on the **Start** menu and select some of the options to make sure everything opens properly.
-2. Confirm that the Store and built-in apps are working.
-
-### 2.3 Verify the device is Azure AD joined
-In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
-
-**To verify if the device is joined to Azure AD**
-1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**.
-
-   **Figure 34** - Check the PC name on your device
-
-   :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png":::
-  
-2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-3. Select **Groups** and then go to **Devices**.
-4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. 
-   - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
-   - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**.
-   - Check the **AAD Registered** column and confirm that it says **Yes**.
-
-   **Figure 35** - Check that the device appears in Intune
-
-   :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png":::
-
-## 3. Manage device settings and features
-You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/mem/intune/configuration/device-profiles).
-
-In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup.
-
-### 3.1 Reconfigure app deployment settings
-In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
-
-**To reconfigure app deployment settings**
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**.
-2. Select the app, right-click, then select **Manage Deployment...**.
-3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
-4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
-5. For each group that you selected, set **Approval** to **Required Install**. This step automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**.
-
-   **Figure 36** - Reconfigure an app's deployment setting in Intune
-
-   :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png":::
-
-6. Click **Finish**.
-7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
-8. Verify that the app shows up on the device using the following steps:
-   - Make sure you're logged in to the Windows device.
-   - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section.
-
-     **Figure 37** - Confirm that additional apps were deployed to the device
-
-     :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png":::
-
-### 3.2 Configure other settings in Intune
-
-**To disable the camera**
-1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**.
-2. In the **Policies** window, click **Add** to create a new policy.
-3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
-4. On the **Create Policy** page, select **Device Capabilities**.
-5. In the **General** section, add a name and description for this policy. For example:
-   - **Name**: Test Policy - Disable Camera
-   - **Description**: Disables the camera
-6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list.
-
-   **Figure 38** - Add a configuration policy
-
-   :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png":::
-
-7. Click **Save Policy**. A confirmation window will pop up.
-8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
-9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**. 
-10. Click **OK** to close the window. 
-
-    **Figure 39** - The new policy should appear in the **Policies** list.
-
-    :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png":::
-
-**To turn off Windows Hello and PINs during device setup**
-1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
-3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
-
-   **Figure 40** - Policy to disable Windows Hello for Business
-
-   :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png":::
-
-4. Click **Save**.
-
-   > [!NOTE]
-   > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant.
-
-To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users. 
-
-## 4. Add more devices and users
-After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more devices or users and you want the same policies to apply to these new devices and users. In this section, we'll show you how to do this.
-
-### 4.1 Connect other devices to your cloud infrastructure
-Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [2. Set up devices](#2-set-up-devices). 
-
-For other devices, such as those personally-owned by employees who need to connect to the corporate network to access corporate resources (BYOD), you can follow the steps in this section to get these devices connected.
-
-  > [!NOTE]
-  > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
-
-**To connect a personal device to your work or school**
-1. On your Windows device, go to **Settings > Accounts**.
-2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
-3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device.
-
-   **Figure 41** - Add an Azure AD account to the device
-
-   :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png":::
-
-4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
-
-   **Figure 42** - Enter the account details
-
-   :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png":::
-
-5. You will be asked to update the password so enter a new password.
-6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
-
-   **Figure 43** - Make sure this is your organization
-
-   :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png":::
-
-7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
-
-   **Figure 44** - Confirmation that the device is now connected
-
-   :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png":::
-
-8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
-
-   **Figure 45** - Device is now enrolled in Azure AD
-
-   :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png":::
-
-9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
-
-### 4.2 Add a new user
-You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
-
-See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well.
-
-## Get more info
-
-### For IT admins
-To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
-- [Set up Office 365 for business](/microsoft-365/admin/setup)
-- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
-- More info about managing devices, apps, data, troubleshooting, and more in the [Intune documentation](/mem/intune/)
-- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
-- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
-
-### For information workers
-Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
-
-- [Office Help & Training](https://support.microsoft.com/office)
-- [Windows help & learning](https://support.microsoft.com/windows)
-
-## Related topics
-
-- [Windows for business](https://www.microsoft.com/windows/business)
-- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)

smb/includes/smb-content-updates.md

@@ -2,9 +2,10 @@
 
 
 
-## Week of December 13, 2021
+## Week of July 18, 2022
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |
+| 7/22/2022 | Deploy and manage a full cloud IT solution for your business | removed |
+| 7/22/2022 | Windows 10/11 for small to midsize businesses | removed |

smb/index.md

@@ -1,53 +0,0 @@
----
-title: Windows 10/11 for small to midsize businesses
-description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business.
-keywords: Windows 10, Windows 11, SMB, small business, midsize business, business
-ms.prod: w10
-ms.technology: 
-ms.topic: article
-ms.author: dansimp
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: smb
-author: dansimp
-ms.localizationpriority: medium
-manager: dansimp
-audience: itpro
----
-
-# Windows 10/11 for Small and Medium Business (SMB)
-
-![Windows 10 for SMB.](images/smb_portal_banner.png)
-
-## ![Learn more about Windows and other resources for SMBs.](images/learn.png) Learn
-
-**[Windows for business](https://www.microsoft.com/windows/business)**
-
-Learn how Windows can help your business be more productive, collaborate better, and be more secure.
-
-**[Bing Pages](https://www.microsoft.com/bing/bing-pages-overview)**
-
-Use Bing to grow your business and enhance your brand online.
-
-**[Customer stories](https://customers.microsoft.com/)**
-
-Read about the latest stories and technology insights.
-
-**[SMB Blog](https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog)**
-
-Read about business strategies and collaborations with SMBs.
-
-**[Business Solutions and Technology](https://www.microsoft.com/store/b/business)**
-
-Learn more about Microsoft products, or when you're ready to buy products and services to help transform your business.
-
-## ![Deploy a Microsoft solution for your business.](images/deploy.png) Deploy
-
-**[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)**
-
-Using Microsoft cloud services and tools, it can be easy to deploy and manage a full cloud IT solution for your small to midsize business.
-
-## Related articles
-
-- [Windows for business](https://www.microsoft.com/windows/business)
-- [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business)

windows/client-management/mdm/universalprint-csp.md

@@ -15,18 +15,18 @@ manager: dougeby
 
 The table below shows the applicability of Windows:
 
-|Edition|Windows 11|
-|--- |--- |
-|Home|No|
-|Pro|Yes|
-|Windows SE|Yes|
-|Business|Yes|
-|Enterprise|Yes|
-|Education|Yes|
+|Edition|Windows 11|Windows 10|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Windows SE|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
 
 The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis).
 
-This CSP was added in Windows 11.
+This CSP was added in Windows 11 and in Windows 10 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
 
 The following example shows the UniversalPrint configuration service provider in tree format.