diff --git a/windows/application-management/media/cmd-type.png b/windows/application-management/media/cmd-type.png
new file mode 100644
index 0000000000..a6c13e8c7c
Binary files /dev/null and b/windows/application-management/media/cmd-type.png differ
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 69b7933f18..7e6bf874fa 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -67,8 +67,6 @@ In light of these restrictions, you can use the following methods to manage per-
 
 You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
 
-device-security/security-policy-settings/administer-security-policy-settings
-
 For example: 
 
 ```
@@ -113,8 +111,8 @@ If a per-user service can't be disabled using a the security template, you can d
 
 ### Managing Template Services with reg.exe
 
-If you cannot use GPP to manage the per-user services you can edit the registry with reg.exe. 
-To disable the Template Services change the Startup Type for each service to 4 (disabled). 
+If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe. 
+To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
 For example:
 
 ```code
@@ -173,4 +171,10 @@ For example, you might see the following per-user services listed in the Service
 - ContactData_443f50
 - Sync Host_443f50
 - User Data Access_443f50
-- User Data Storage_443f50
\ No newline at end of file
+- User Data Storage_443f50
+
+## View per-user services from the command line
+
+You can query the service configuration from the command line. The **Type** value indicates whether the service is a user-service template or user-service instance.
+
+![Use sc.exe to view service type](media/cmd-type.png)
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index df99bcf53d..25e45dfb80 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus CSP
@@ -132,6 +132,15 @@ Added in Windows, version 1607. String that specifies the OS edition.
 
 Supported operation is Get.
 
+<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**  
+Added in Windows, version 1803. Read only node that specifies the device mode.
+
+Valid values:  
+-  0 - the device is in standard configuration
+-  1 - the device is in S mode configuration
+
+Supported operation is Get.
+
 <a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**  
 Added in Windows, version 1607. Node for the antivirus query.
 
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 08187de0a3..7e4a7a5933 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus DDF
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DeviceS
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -469,6 +469,27 @@ The XML below is for Windows 10, version 1709.
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>Mode</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DefaultValue>Not available</DefaultValue>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
           <NodeName>Antivirus</NodeName>
diff --git a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png b/windows/client-management/mdm/images/provisioning-csp-devicestatus.png
index 76c746d95f..520d58a825 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png and b/windows/client-management/mdm/images/provisioning-csp-devicestatus.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 62bdf664f0..375d058557 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1411,6 +1411,13 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 </td></tr>
 <tr>
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>OS/Mode</li>
+</ul>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)</td>
 <td style="vertical-align:top"><p>Added the following videos:</p>
 <ul>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 6f733c2214..204daddb5b 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -498,6 +498,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles" id="browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventtabpreloading" id="browser-preventtabpreloading">Browser/PreventTabPreloading</a>
+  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc" id="browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index ccafd7cbed..79d91ff2dc 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 03/13/2018
 ---
 
 # Policy CSP - Browser
@@ -117,6 +117,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
   </dd>
+  <dd>
+    <a href="#browser-preventtabpreloading">Browser/PreventTabPreloading</a>
+  </dd>
   <dd>
     <a href="#browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
   </dd>
@@ -2150,6 +2153,58 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-preventtabpreloading"></a>**Browser/PreventTabPreloading**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. 
+
+<!--/Description-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Allow pre-launch and preload.
+-   1 – Prevent pre-launch and preload.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index b30883b882..9f225964af 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -50,7 +50,7 @@ PUAs are blocked when a user attempts to download or install the detected file,
 - The file is being scanned from the browser
 - The file is in a folder with "**downloads**" in the path
 - The file is in a folder with "**temp**" in the path
-- The file is on the user's Dekstop
+- The file is on the user's Desktop
 - The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
 
 The file is placed in the quarantine section so it won't run.