Merge branch 'master' into vs-diagnosticdataviewer

bcs/index.md

@@ -733,7 +733,7 @@ ms.date: 11/01/2017
                                 </div>
                             </li>
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/0705c337-f3e8-4d28-bb6c-530cd28e99f2_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/0705c337-f3e8-4d28-bb6c-530cd28e99f2" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -752,7 +752,7 @@ ms.date: 11/01/2017
                                 </a>
                             </li>
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/a5734146-620a-4cec-8618-536b3ca37972_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/a5734146-620a-4cec-8618-536b3ca37972" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -771,7 +771,7 @@ ms.date: 11/01/2017
                                 </a>
                             </li> 
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/e0ee7052-e0f4-4c42-a4f1-5e91b9776ce9_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/e0ee7052-e0f4-4c42-a4f1-5e91b9776ce9" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -1704,7 +1704,7 @@ ms.date: 11/01/2017
                                 </div>
                             </li>
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/0705c337-f3e8-4d28-bb6c-530cd28e99f2_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/0705c337-f3e8-4d28-bb6c-530cd28e99f2" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -1723,7 +1723,7 @@ ms.date: 11/01/2017
                                 </a>
                             </li>
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/a5734146-620a-4cec-8618-536b3ca37972_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/a5734146-620a-4cec-8618-536b3ca37972" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -1742,7 +1742,7 @@ ms.date: 11/01/2017
                                 </a>
                             </li> 
                             <li>
-                                <a href="http://videoplayercdn.osi.office.net/embed/e0ee7052-e0f4-4c42-a4f1-5e91b9776ce9_1280x720_3400.mp4" target="_blank">
+                                <a href="http://videoplayercdn.osi.office.net/embed/e0ee7052-e0f4-4c42-a4f1-5e91b9776ce9" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">

devices/surface-hub/TOC.md

@@ -31,6 +31,7 @@
 #### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md)
 #### [Wireless network management](wireless-network-management-for-surface-hub.md)
 ### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
+### [Configure Surface Hub Start menu](surface-hub-start-menu.md)
 ### [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) 
 ### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md)
 ### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)

devices/surface-hub/change-history-surface-hub.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 01/10/2018
+ms.date: 01/17/2018
 ms.localizationpriority: medium
 ---
 
@@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac
 
 New or changed topic | Description
 --- | ---
+[Configure Surface Hub Start menu](surface-hub-start-menu.md) | New
 [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Added prerequisites for running the scripts
 
 ## November 2017

devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub, mobility
 author: jdeckerms
 ms.author: jdecker
-ms.date: 11/29/2017
+ms.date: 01/17/2018
 ms.localizationpriority: medium
 ---
 
@@ -185,7 +185,12 @@ The following tables include info on Windows 10 settings that have been validate
 | Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
+#### Configure Start menu
 
+| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML*? |
+| --- | ---- | --- |---- | --- | --- |
+| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
+\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
 
 ### Generate OMA URIs for settings 
 You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager.

devices/surface-hub/manage-surface-hub.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 11/15/2017
+ms.date: 01/17/2018
 ms.localizationpriority: medium
 ---
 
@@ -32,6 +32,7 @@ Learn about managing and updating Surface Hub.
 | [Remote Surface Hub management](remote-surface-hub-management.md) |Topics related to managing your Surface Hub remotely. Include install apps, managing settings with MDM and monitoring with Operations Management Suite. |
 | [Manage Surface Hub settings](manage-surface-hub-settings.md) |Topics related to managing Surface Hub settings: accessibility, device account, device reset, fully qualified domain name, Windows Update settings, and wireless network |
 | [Install apps on your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/install-apps-on-surface-hub) | Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.|
+[Configure Surface Hub Start menu](surface-hub-start-menu.md) | Use MDM to customize the Start menu for Surface Hub.
 | [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md)  | Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.   |
 | [End a meeting with End session](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting.|
 | [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) | You can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS.   |

devices/surface-hub/surface-hub-start-menu.md

@@ -0,0 +1,179 @@
+---
+title: Configure Surface Hub Start menu
+description: Use MDM to customize the Start menu on Surface Hub. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: surfacehub
+author: jdeckerms
+ms.author: jdecker
+ms.date: 01/17/2018
+ms.localizationpriority: medium
+---
+
+# Configure Surface Hub Start menu
+
+The [January 17, 2018 update to Windows 10](https://support.microsoft.com/help/4057144) (build 15063.877) enables customized Start menus on Surface Hub devices. You apply the customized Start menu layout using mobile device management (MDM).
+
+When you apply a customized Start menu layout to Surface Hub, users cannot pin, unpin, or uninstall apps from Start. 
+
+## How to apply a customized Start menu to Surface Hub
+
+The customized Start menu is defined in a Start layout XML file. You have two options for creating your Start layout XML file:
+
+- Edit the [default Surface Hub Start XML](#default)
+
+    -or-
+
+- Configure the desired Start menu on a desktop (pinning only apps that are available on Surface Hub), and then [export the layout](https://docs.microsoft.com/windows/configuration/customize-and-export-start-layout#export-the-start-layout).
+
+>[!TIP]
+>To add a tile with a web link to your desktop start menu, go the the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML.
+
+To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences)
+
+When you have your Start menu defined in a Start layout XML, [create an MDM policy to apply the layout.](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management#a-href-idbkmk-domaingpodeploymentacreate-a-policy-for-your-customized-start-layout)
+
+<span id="differences" />
+## Differences between Surface Hub and desktop Start menu
+
+There are a few key differences between Start menu customization for Surface Hub and a Windows 10 desktop:
+
+- You cannot use **DesktopApplicationTile** (https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop#startdesktopapplicationtile) in your Start layout XML because Windows desktop applications (Win32) are not supported on Surface Hub.
+- You cannot use the Start layout XML to configure the taskbar or the Welcome screen for Surface Hub.  
+- Surface Hub supports a maximum of 6 columns (6 1x1 tiles), however, you **must** define `GroupCellWidth=8` even though Surface Hub will only display tiles in columns 0-5, not columns 6 and 7.
+- Surface Hub supports a maximum 6 rows (6 1x1 tiles)
+- `SecondaryTile`, which is used for links, will open the link in Microsoft Edge.
+
+
+<span id="default" />
+## Example: Default Surface Hub Start layout
+
+```xml
+<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+  <LayoutOptions StartTileGroupCellWidth="8" />
+  <DefaultLayoutOverride>
+    <StartLayoutCollection>
+      <defaultlayout:StartLayout GroupCellWidth="8" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
+        <start:Group Name="" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
+        <start:Tile
+            AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"
+            Size="2x2"
+            Row="0"
+            Column="0"/>
+        <start:Tile
+            AppUserModelID="Microsoft.Getstarted_8wekyb3d8bbwe!App"
+            Size="4x2"
+            Row="0"
+            Column="2"/>
+        <start:Tile
+            AppUserModelID="Microsoft.Office.PowerPoint_8wekyb3d8bbwe!Microsoft.pptim"
+            Size="2x2"
+            Row="2"
+            Column="0"/>
+        <start:Tile
+            AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!Microsoft.Word"
+            Size="2x2"
+            Row="2"
+            Column="2"/>
+        <start:Tile
+            AppUserModelID="Microsoft.Office.Excel_8wekyb3d8bbwe!Microsoft.Excel"
+            Size="2x2"
+            Row="2"
+            Column="4"/>
+        <start:Tile
+            AppUserModelID="c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App"
+            Size="2x2"
+            Row="4"
+            Column="0"/>
+        <start:Tile
+            AppUserModelID="microsoft.microsoftskydrive_8wekyb3d8bbwe!App"
+            Size="2x2"
+            Row="4"
+            Column="2"/>
+        <start:Tile
+            AppUserModelID="Microsoft.MicrosoftPowerBIForWindows_8wekyb3d8bbwe!Microsoft.MicrosoftPowerBIForWindows"
+            Size="2x2"
+            Row="4"
+            Column="4"/>
+        </start:Group>
+      </defaultlayout:StartLayout>
+    </StartLayoutCollection>
+  </DefaultLayoutOverride>
+</LayoutModificationTemplate>
+
+```
+
+<span id="edge" />
+## Example: Start layout that includes a Microsoft Edge link
+
+This example shows a link to a website and a link to a .pdf file.
+
+```xml
+<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+  <LayoutOptions StartTileGroupCellWidth="8" />
+  <DefaultLayoutOverride>
+    <StartLayoutCollection>
+      <defaultlayout:StartLayout GroupCellWidth="8" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
+        <start:Group Name="" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
+    <start:Tile
+              AppUserModelID="Microsoft.Office.PowerPoint_8wekyb3d8bbwe!Microsoft.pptim"
+              Size="2x2"
+              Row="0"
+              Column="0"/>
+          <start:Tile
+              AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!Microsoft.Word"
+              Size="2x2"
+              Row="0"
+              Column="2"/>
+          <start:Tile
+              AppUserModelID="Microsoft.Office.Excel_8wekyb3d8bbwe!Microsoft.Excel"
+              Size="2x2"
+              Row="0"
+              Column="4"/>
+    <start:Tile
+              AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"
+              Size="2x2"
+              Row="2"
+              Column="0"/>
+    <start:Tile
+              AppUserModelID="microsoft.microsoftskydrive_8wekyb3d8bbwe!App"
+              Size="2x2" 
+             Row="2"
+             Column="2"/>   
+  <start:SecondaryTile
+            AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"
+           TileID="2678823080"
+           DisplayName="Bing"
+           Arguments="https://www.bing.com/"
+           Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"
+           Wide310x150LogoUri="ms-appx:///"
+           ShowNameOnSquare150x150Logo="true"
+           ShowNameOnWide310x150Logo="false"
+           BackgroundColor="#ffe9e7e7"
+           ForegroundText="dark"
+           Size="2x2"
+           Column="4"
+           Row="2"  />
+    <start:Tile
+              AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App"
+              Size="2x2"
+              Row="4"
+              Column="0"/>
+    <start:SecondaryTile
+             AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"
+             TileID="6153963000"
+             DisplayName="cstrtqbiology.pdf"
+             Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
+             Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"                                                Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true"                                                      ShowNameOnWide310x150Logo="true"
+             BackgroundColor="#ff4e4248"
+             Size="4x2" 
+             Row="4"
+             Column="2"/>
+        </start:Group>
+      </defaultlayout:StartLayout>
+    </StartLayoutCollection>
+  </DefaultLayoutOverride>
+</LayoutModificationTemplate>
+
+```

education/trial-in-a-box/TOC.md

@@ -1,4 +1,4 @@
 # [Microsoft Education Trial in a Box](index.md)
-## [Get started for Educators](educator-tib-get-started.md)
+## [Educator Trial in a Box Guide](educator-tib-get-started.md)
-## [Get started for IT admins](itadmin-tib-get-started.md)
+## [IT Admin Trial in a Box Guide](itadmin-tib-get-started.md)
-## [Microsoft Education support](support-options.md)
+## [Microsoft Education Trial in a Box Support](support-options.md)

education/trial-in-a-box/educator-tib-get-started.md

@@ -1,5 +1,5 @@
 ---
-title: Get started for Educators
+title: Educator Trial in a Box Guide
 description: Need help or have a question about using Microsoft Education? Start here. 
 keywords: support, troubleshooting, education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
 ms.prod: w10
@@ -11,70 +11,106 @@ ms.pagetype: edu
 ROBOTS: noindex,nofollow
 author: CelesteDG
 ms.author: celested
-ms.date: 12/11/2017
+ms.date: 01/12/2017
 ---
 
-# Get started for Educators
+# Educator Trial in a Box Guide
-Hello, Teachers! In this guide we'll show you how you can quickly and easily try out a few transformational tools in Microsoft Education.
 
-Connect the device to your school's Wi-Fi and then log-in with your teacher credentials included with your Trial in a Box.
+![Welcome, Educators!](images/Welocme-Educators.png)
 
-![Explore these four tools for educators](images/msedu_tib_teachersteps_nologo.png)
+<span style="font-size: 1.5em">This guide shows you how to quickly and easily try a few transformational tools from Microsoft Education in 5 quick steps.</span>
 
-## Explore these four tools in Microsoft Education
+|  |  |
+| :---: |:--- |
+| [![Connect the device to Wi-Fi](images/edu-TIB-setp-1-v3.png)](#edu-task1) | [Log in](#edu-task1) to **Device A** with your Teacher credentials and connect to the school network. |
+| [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in drastically improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
+| [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
+| [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
+| [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
+|  |  |
 
-1. [Microsoft Learning Tools](#1-microsoft-learning-tools)
+</br>
-2. [Microsoft Teams](#2-microsoft-teams)
-3. [OneNote](#3-onenote)
-4. [Minecraft: Education Edition](#4-minecraft-education-edition)
 
-## 1. Microsoft Learning Tools
+<!-- hiding placeholder
-Learning Tools is a set of features available in Word, OneNote, and the Edge browser that helps:
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-Get-Started" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+</br>
+-->
+
+![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) 
+## <a name="edu-task1"></a>1. Log in and connect to the school network
+To try out the educator tasks, start by logging in as a teacher.
+
+1. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
+2. Connect to your school's Wi-Fi network or connect with a local Ethernet connection.
+
+</br>
+
+![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) 
+## <a name="edu-task2"></a>2. Drastically improve student reading speed and comprehension
+
+<!-- hiding placeholder
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-Learning-Tools" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+</br>
+-->
+
+Learning Tools and the Immersive Reader can be used in the Microsoft Edge browser, Microsoft Word, and Microsoft OneNote to:
 * Increase fluency for English language learners
 * Build confidence for emerging readers
 * Provide text decoding solutions for students with learning differences such as dyslexia 
 
-See how Microsoft Learning Tools change lives.
+**Try this!**
-</br>
-<iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/nt3hz2vVf8c?rel=0" frameborder="0" allowfullscreen></iframe>
 
-<span style="color:#00BCF2; font-size: 1.5em">**Try this!**</span> Launch Immersive Reader directly from "Learning design thinking from the ancient Egyptians" in Word Online. Hear text read aloud, change the spacing of lines, and highlight for syntax.
+1. On the **Start** menu, click the Word document titled **Design Think**.
-
+2. Click **Edit Document** and select **Edit in Browser**.
-1. On the desktop, double-click the **Learning Design** icon to open "Learning design thinking from the ancient Egyptians" in Word Online.  
+3. Select the **View** menu.
-2. Click **Edit Document** and then select **Edit in Browser**.
+4. Select the **Immersive Reader** button.  
-3. Immersive Reader will launch into a full-screen experience.
 
   ![Word Online's Immersive Reader](images/word_online_immersive_reader.png)
 
-4. Select these different settings to see what they do:
+5. Press the **Play** button to hear text read aloud.
+6. Select these various settings to see different ways to configure Immersive Reader for your students.
 
   | Text to Speech | Text Preferences | Grammar Options | Line Focus |
   | :------------: | :--------------: | :-------------: | :--------: |
   | ![Word Online Text to Speech](images/wordonline_tts.png) | ![Word Online Text Preferences](images/wordonline_text_preferences.png) | ![Word Online Grammar Options](images/wordonline_grammar_options.png) | ![Word Online Line Focus](images/wordonline_line_focus.png) |
 
-## 2. Microsoft Teams
-Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark classroom digital discussions, respond to student questions, organize content, and more!  
-
-See how Microsoft Teams for Education works in the classroom.
 </br>
-<iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/N7uiMs4dPcg?rel=0" frameborder="0" allowfullscreen></iframe>
 
-<span style="color:#00BCF2; font-size: 1.5em">**Try this!**</span> Take a guided tour of Microsoft Teams and test drive some teaching tasks. 
+![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) 
+## <a name="edu-task3"></a>3. Spark communication, critical thinking, and creativity in the classroom
 
-1. Open your browser and visit <a href="https://msteamsdemo.azurewebsites.net/" target="_blank">https://msteamsdemo.azurewebsites.net/</a>.
+<!-- hiding placeholder
-2. Follow along with the guide.
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-Teams" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
-
-## 3. OneNote
-OneNote acts as an unlimited digital canvas for the whole class to store text, images, handwritten drawings, attachments, links, voice, video, and more. See how a group project comes together with opportunities to interact with other students, multimedia, and sophisticated drawing tools. This one works best with your digital pen! 
-
-Watch how OneNote allows teachers to differentiate instruction to allow for collaboration.
 </br>
-<iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/hMmRud4B54o?rel=0" frameborder="0" allowfullscreen></iframe>
+-->
 
-<span style="color:#00BCF2; font-size: 1.5em">**Try this!**</span> See how a group project, “Reimagine the Great Pyramids of Giza,” comes together with opportunities to interact with other students, collaborate with peers, and leverage multiple features.  
+Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more!  
 
-1. On the desktop, double-click the OneNote shortcut named **Great Pyramid** to open the **Reimagine the Great Pyramid of Giza** lesson page inside the 21st Century Learning notebook. 
+Take a guided tour of Microsoft Teams and test drive this digital hub.
-2. Follow the instructions for the project.  Look for the **Try this!** call-outs to experiment with these engaging features: 
+
+**Try this!**
+
+1. Take a guided tour of Microsoft Teams and test drive some teaching tasks. Open the Microsoft Edge browser and navigate to <a href="https://msteamsdemo.azurewebsites.net/" target="_blank">https://msteamsdemo.azurewebsites.net</a>.
+2. Use your school credentials provided in the **Credentials Sheet**.
+
+</br>
+
+![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) 
+## <a name="edu-task4"></a>4. Expand classroom collaboration and interaction between students
+
+<!-- hiding placeholder
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-OneNote" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+</br>
+-->
+
+Microsoft OneNote organizes curriculum and lesson plans for teachers and students to work together and at their own pace. It provides a digital canvas to store text, images, handwritten drawings, attachments, links, voice, and video.
+
+**Try this!**
+See how a group project comes together with opportunities to interact with other students and collaborate with peers. This one works best with the digital pen, included with your Trial in a Box.
+
+1. On the **Start** menu, click the OneNote shortcut named **Imagine Giza** to open the **Reimagine the Great Pyramid of Giza project**.
+2. Take the digital pen out of the box and make notes or draw.
+3. Follow the instructions for the project. Look for the **Try this!** callouts to experiment with these engaging activities.
   - Discover the power of digital ink by selecting the Draw tab. Choose your pen and get scribbling.
 
     ![OneNote Draw tab](images/onenote_draw.png)
@@ -88,39 +124,76 @@ Watch how OneNote allows teachers to differentiate instruction to allow for coll
 
     ![OneNote Researcher](images/onenote_researcher.png)
 
-## 4. Minecraft: Education Edition
-Minecraft: Education Edition is an open-world game that promotes creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination.   
-
-Learn about Code Builder for Minecraft: Education Edition.
 </br>
-<iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/3rKuSlgqePo?rel=0" frameborder="0" allowfullscreen></iframe>
 
-<span style="color:#00BCF2; font-size: 1.5em">**Try this!**</span> Explore a Minecraft world
+![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) 
+## <a name="edu-task5"></a>5. Get kids to further collaborate and problem solve
 
-1. First, connect the included mouse to your computer. Minecraft: Education Edition operates best with a mouse.
+<!-- hiding placeholder
-2. Open your browser and visit <a href="https://aka.ms/lessonhub" target="_blank">https://aka.ms/lessonhub</a>.
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-Minecraft-EE" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+</br>
+-->
+
+Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination.   
+
+**Try this!**
+Today, we'll explore a Minecraft world through the eyes of a student.
+
+1. Connect the included mouse to your computer for optimal interaction. 
+2. Open Microsoft Edge and visit <a href="https://aka.ms/lessonhub" target="_blank">https://aka.ms/lessonhub</a>.
 3. Scroll down to the **Details** section and select **Download World**.
 
   ![Select the download world link](images/mcee_downloadworld.png)
 
 4. When prompted, save the world.
-5. Double click on the world to launch it in Minecraft: Education Edition.
+5. Enter your same teacher username and password and click **Accept**.
-6. Once inside the world, click **Play** and use the guide to walk around and click on the different subject area examples to learn more about teaching and learning with Minecraft: Education Edition. 
+6. Click **OK** on the **Minecraft: Education Edition Free Trial** box.
+7. Click **Play**.
+8. Click **Lesson Hub Vol 1** to enter the downloaded world.
+9. Explore the world by using the keys on your keyboard.
+  * **W** moves forward.
+  * **A** moves left.
+  * **D** moves right.
+  * **S** moves backward
 
-  To visit a specific subject area section, right click on the button under the name of that subject area. Remember that the mouse works as your “eyes” in the game. Simply move your mouse around to look around the world. 
+10. Use your mouse as your "eyes". Just move it to look around.
-* To move forward, use the W key.  
+11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land.
-* To move left, use the A key. 
-* To move right, The D key. 
-* And to move backward, use the S key.
-* Want to get a bird’s eye view of the world? Double tap the space bar.
-* To safely land, hold the shift key
 
   To try more advanced movements or building within Minecraft, use the Minecraft Controls Diagram.
 
   ![Minecraft mouse and keyboard controls](images/mcee_keyboard_mouse_controls.png)
 
-Stay in touch with us through our site at <a href="https://education.minecraft.net" target="_blank">https://education.minecraft.net</a> and follow @playcraftlearn on Twitter to keep up with our community news!
+12. Access and adapt over 300 lesson plans, spanning all grades and subjects, to meet your needs. Enjoy exploring new worlds and happy crafting.
+
+  **Try this!**
+
+  1. Go to <a href="https://education.minecraft.net" target="_blank">education.minecraft.net/</a>.
+  2. Click **Class Resources**.
+  3. Click **Find a Lesson**.
+
+  ![Access and adapt over 300 Minecraft lesson plans](images/minecraft_lesson_plans.png)
+
+</br>
+
+**Watch what Educators say about Microsoft Education delivering better learning outcomes**
+Bring out the best in students by providing a platform for collaborating, exploring, personalized learning, and getting things done across all devices.
+
+|  |  |
+|:--- |:--- |
+| <iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/nt3hz2vVf8c" frameborder="0" allowfullscreen></iframe></br>See how one school improves reading skills using Learning Tools Immersive Reader | <iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/N7uiMs4dPcg" frameborder="0" allowfullscreen></iframe></br>Here's how Microsoft Teams creates more robust classroom experiences at all ages. |
+| <iframe width="420" height="236" src="https://www.youtube-nocookie.com/embed/hMmRud4B54o" frameborder="0" allowfullscreen></iframe></br>Watch teachers elevate the education of students using OneNote. | <iframe width="420" height="236" src="https://www.youtube.com/embed/hl9ZQiektJE" frameborder="0" allowfullscreen></iframe></br>Here what other teachers say about using Minecraft: Education Edition in their classrooms. |
+|  |  |
+
 
 ## Get more info
-[Education help center](https://support.office.com/en-us/education)</br>
+* Learn more at <a href="https://www.microsoft.com/education" target="_blank">microsoft.com/education</a>
-[Microsoft Education Trial in a Box](index.md)
+* Find out if your school is eligible for a device trial at <a href="https://aka.ms/EDUTrialInABox" target="_blank">aka.ms/EDUTrialInABox</a>
+* <a href="https://www.microsoft.com/en-us/education/devices/default.aspx" target="_blank">Buy Windows 10 devices</a>
+
+<br/>
+<br/>
+<br/>
+<br/>
+<br/>
+<br/>
+<a name="footnote1"></a><sup>1</sup> <small>OneNote in Education Learning Tools transform the student experience.</small>

education/trial-in-a-box/index.md

@@ -16,66 +16,19 @@ ms.date: 12/11/2017
 
 # Microsoft Education Trial in a Box
 
-![Microsoft Education Trial in a Box header image](images/TrialInABox_Header_Map_Graphic-01.png)
+![Microsoft Education Trial in a Box - Unlock Limitless Learning](images/Unlock-Limitless-Learning.png)
-
-## Welcome to the Microsoft Education Trial in a Box!
-
-**Applies to:**
-
--   Windows 10 S Fall Creators Update, Office 365 for Education, Microsoft Intune for Education, Microsoft Store for Education, Minecraft: Education Edition
-
-## What's Trial in a Box?
-Trial in a Box puts the Microsoft education technology into an easy package so you can see how our solution can help to:
-
-* Enhance independence for students of all abilities with intelligent tools like Microsoft Learning Tools, and spark creativity, collaboration, and problem-solving with OneNote.
-* Inspire creativity, collaboration, and improve problem-solving skills with Minecraft: Education Edition and bring ideas to life in 3D.
-* Allow IT admins to quickly implement and deploy a full cloud infrastructure for their school that's secure and easy to manage.
-
-## What's in Trial in a Box?
-
-* **User name and passwords** - We've already set up a cloud-based school using Microsoft 365 Education. Your login credentials are included in the kit.
-* **Device A** - A 2-in-1 convertible PC that supports digital ink. This device is pre-configured with Windows 10 S<sup>[1](#footnote1),</sup> <sup>[2](#footnote2)</sup> and ready for login so you can try the Microsoft Education classroom experience. 
-* **Device B** - An affordable PC designed to survive the rigors of classroom life. This PC has the latest installation of Windows 10 S<sup>[1](#footnote1),</sup> <sup>[2](#footnote2)</sup> so you can see how easy it is to set up a brand new device.
-* **Accessories** - A wireless mouse to use with Minecraft: Education Edition, a USB memory stick to set up school PCs, and a network adapter (just in case).
-
-## Let's get started!
-**If you want to try the Educator Experience**
-
-1. Turn on **Device A**.
-2. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection.
-3. Log in using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
-4. Click the Educator image or follow the instructions in [Get started for Educators](educator-tib-get-started.md).
-
-    [![Get started for Educators](images/teacher_rotated.png)](educator-tib-get-started.md)
-    
-**If you want to try the IT Administrator Experience**
-
-1. Set up **Device A** first.  Setup **Device B** after you have completed setup of **Device A**.
-2. Turn on **Device A**.
-3. Connect **Device A** to your school's Wi-Fi network or connect with a local Ethernet connection.
-4. Log in using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit.
-5. Please immediately register both devices with your hardware manufacturer to activate the manufacturer's warranty.
-6. Click the IT Administrator image or follow the instructions in [Get started for IT Admins](itadmin-tib-get-started.md).
-
-    [![Get started for IT Admins](images/itadmin_rotated.png)](itadmin-tib-get-started.md)
-
-<!--
-Choose your role to get started.
-
-| **[Educator](educator-tib-get-started.md)** | **[IT Administrator](itadmin-tib-get-started.md)** |
-| :---: | :---: | 
-| [![Get started for Educators](images/teacher_rotated.png)](educator-tib-get-started.md) | [![Get started for IT Admins](images/itadmin_rotated.png)](itadmin-tib-get-started.md) |
 
 </br>
--->
-> [!NOTE]
-> If you run into any problems while following the steps in this guide, or you have questions about Microsoft Education, see [Microsoft Education Trial in a Box support](support-options.md).
 
-<br/>
+<!-- hiding placeholder
-<br/>
+<center><iframe width="560" height="315" src="https://aka.ms/edu-welcome" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
-<br/>
+-->
-<br/>
+
-<br/>
+</br>
-<br/>
+
-<a name="footnote1"></a><sup>1</sup> <small>Devices must be configured for educational use by applying **[SetEduPolicies](https://docs.microsoft.com/en-us/education/windows/configure-windows-for-education#setedupolicies)** using the Set up School PCs app.</small><br/>
+| ![Get started for Educators](images/teacher_rotated_resized.png) | ![Get started for IT Admins](images/itadmin_rotated_resized.png) |
-<a name="footnote2"></a><sup>2</sup> <small>Streamlined for security and superior performance. Windows 10 S works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work, and performance may vary. Certain default settings, features, and apps cannot be changed.  </small><br/>
+| :---: | :---: | 
+| <span style="font-size: 1.5em">**Educator**</span></br>Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. </br>[Get started](educator-tib-get-started.md) | <span style="font-size: 1.5em">**IT Admin**</span></br>Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. </br> [Get started](itadmin-tib-get-started.md) |
+
+
+

education/trial-in-a-box/itadmin-tib-get-started.md

@@ -1,5 +1,5 @@
 ---
-title: Get started for IT Admins
+title: IT Admin Trial in a Box Guide
 description: Try out Microsoft 365 Education to implement a full cloud infrastructure for your school, manage devices and apps, and configure and deploy policies to your Windows 10 devices.
 keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education
 ms.prod: w10
@@ -14,43 +14,60 @@ ms.author: celested
 ms.date: 12/11/2017
 ---
 
-# Get started for IT Admins
+# IT Admin Trial in a Box Guide
 
-Hello, IT administrators! In this guide, we'll show you how to quickly and easily try out Microsoft Education, which consists of all the new and existing cloud services and tools you'll need for a full IT cloud solution for your school.
+![Welcome, IT Admins!](images/Welcome-IT-Admins.png)
 
-![Complete these 5 easy IT admin tasks](images/msedu_tib_adminsteps_nologo.png)
+<span style="font-size: 1.5em">Learn how to quickly deploy and manage devices for your school in 5 quick steps.</span>
 
-## Try out Microsoft Education in 5 easy steps
+|  |  |
+| :---: |:--- |
+| [![Log in to Device A](images/admin-TIB-setp-1-v3.png)](#it-task1) | [Log in](#it-task1) to **Device A** with your IT Admin credentials and connect to your school's network. |
+| [![Configure Device B with Set up School PCs](images/admin-TIB-setp-2-v3.png)](#it-task2) | [Configure Device B](#it-task2) with the Set up School PCs app. |
+| [![Configure Intune for Education](images/admin-TIB-setp-3-v3.png)](#it-task3) | [Express configure Intune for Education](#it-task3) to manage devices, users, and policies. |
+| [![Buy and deploy apps](images/admin-TIB-setp-4-v3.png)](#it-task4) | [Buy apps from the Microsoft Store for Education](#it-task4) and deploy them to manage devices in your tenant. |
+| [![Create custom folders](images/admin-TIB-setp-5-v3.png)](#it-task5) | [Create custom folders](#it-task5) that will appear on each managed device's **Start** menu. |
+|  |  |
 
-1. [Log in with your IT admin credentials](#task1)
+</br>
-2. [Configure a new device with Set up School PCs](#task2)
+To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. A tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide.
-3. [Go through Intune for Education express configuration](#task3)
-> [!NOTE]
-> It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
-4. [Buy an app from Microsoft Store for Education and deploy it to devices in your tenant](#task4)
-5. [Add new folders to all devices in your tenant](#task5)
 
-> [!NOTE]
+If you run into any problems while following the steps in this guide, or you have questions about Trial in a Box or Microsoft Education, see [Microsoft Education Trial in a Box Support](support-options.md).
-> To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide.
 
-If you run into any problems while following the steps in this guide, or you have questions about Microsoft Education, see [Microsoft Education support](support-options.md).
+</br>
+<!-- hiding placeholder
+<center><iframe width="560" height="315" src="https://aka.ms/EDU-IT-Admin-Setup" frameborder="3" allow="autoplay; encrypted-media" allowfullscreen></iframe></center>
+-->
 
-## <a name="task1"></a>1. Log in
+</br>
+
+![Log in to Device A](images/admin-TIB-setp-1-jump.png) 
+## <a name="it-task1"></a>1. Log in to Device A with your IT Admin credentials and connect to the school network
 To try out the IT admin tasks, start by logging in as an IT admin.
 
-1. If you're logged in to **Device A** with the teacher account, log off.
+1. Log in to **Device A** using the **Administrator Username** and **Administrator Password** included in the **Credentials Sheet** located in your kit.
-2. Use the IT admin credentials included in your Trial in a Box to log in to the device.
+2. Connect to your school's Wi-Fi network or connect with a local Ethernet connection.
+3. Note the serial numbers on the Trial in a Box devices and register both devices with the hardware manufacturer to activate the manufacturer's warranty.
 
-## <a name="task2"></a>2. Configure a new device with Set up School PCs
+</br>
-Quickly set up **Device B** using the **Set up School PCs** app. A PC that's been set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
+
+![Configure Device B with Set up School PCs](images/admin-TIB-setp-2-jump.png) 
+## <a name="it-task2"></a>2. Configure Device B with Set up School PCs
+Now you're ready to learn how to configure a brand new device. You will start on **Device A** by downloading and running the Set up School PCs app. Then, you will configure **Device B**.
 
 If you've previously used Set up School PCs to provision student devices, you can follow the instructions in this section to quickly configure **Device B**. Otherwise, we recommend you follow the instructions in [Use the Set up School PCs app](https://docs.microsoft.com/en-us/education/windows/use-set-up-school-pcs-app) for more detailed information, including tips for successfully running Set up School PCs.
 
 ### Download, install, and get ready
 
-1. Download the latest <a href="https://educationstore.microsoft.com/en-us/store/details/set-up-school-pcs/9nblggh4ls40" target="_blank">Set up School PCs app from the Microsoft Store for Education</a>. 
+1. From the **Start** menu, find and then click **Microsoft Store** to launch the Store.
-2. Install the app on the Trial in a Box **Device A**, or install the app on your work PC.
+
-3. Make sure you're connected to your school's network.
+    ![Microsoft Store from the Start menu](images/start_microsoft_store.png)
+
+2. Search for the **Set up School PCs** app.
+
+    ![Set up School PCs on Microsoft Store](images/microsoft_store_suspc_install.png)
+
+3. Click **Install**.
 
 ### Create the provisioning package
 
@@ -63,27 +80,19 @@ If you've previously used Set up School PCs to provision student devices, you ca
 4. In **Let's get you signed in**, choose your Trial in a Box admin account. If you don't see it on the list, follow these steps:
     1. Select **Work or school account > Use another account** and then enter your Trial in a Box admin account email and password. 
     2. Click **Accept**.
-5. Follow the instructions in the app to select your school's wireless network, or add one manually. 
 
-    > [!NOTE]
+5. Add a short name that Set up School PCs will use as a prefix to identify and easily manage the group of devices, apps, and other settings through Intune for Education.
-    > For Trial in a Box, we recommend plugging in an Ethernet or wired connection to your device.
-
-6. Add a short name that Set up School PCs will use as a prefix to identify and easily manage the group of devices, apps, and other settings through Intune for Education.
   
     > [!NOTE]  
     > The name must be five (5) characters or less. Set up School PCs automatically appends `_%SERIAL%` to the prefix that you specify. `_%SERIAL%` ensures that all device names are unique. For example, if you add *Math4* as the prefix, the device names will be *Math4* followed by a random string of letters and numbers. 
 
-7. In **Configure student PC settings**, you can specify other settings for the student PC.
+6. In **Configure student PC settings**, you can specify other settings for the student PC.
 
-    We recommend these settings:
+    We recommend checking the highlighted settings below:
 
-    ![Configure student PC settings](images/suspc_configure_pcsettings2.png)
+    ![Configure student PC settings](images/suspc_configure_pcsettings_selected.png)
-
-  - **Remove apps pre-installed by the device manufacturer** installs only the base Windows 10 image.
-
-      > [!NOTE]  
-      > Don't select this option. This will reset the machine and the provisioning process will take longer (about 30 minutes).
 
+  - **Remove apps pre-installed by the device manufacturer** - If you select this option, this will reset the machine and the provisioning process will take longer (about 30 minutes).
   - **Allow local storage (not recommended for shared devices)** lets students save files to the **Desktop** and **Documents** folder on the student PC.
   - **Optimize device for a single student, instead of a shared cart or lab** optimizes the device for use by a single student (1:1). 
     - Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in). 
@@ -92,7 +101,7 @@ If you've previously used Set up School PCs to provision student devices, you ca
   - **Enable Windows 10 Automatic Redeployment** enables IT admins to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment the student PC is returned to a fully configured or known approved state. For more info, see [Windows Automatic Redeployment](https://docs.microsoft.com/en-us/education/windows/windows-automatic-redeployment).
   - **Lock screen background** shows the default backgroudn used for student PCs provisioned by Set up School PCs. Select **Browse** to change the default.
 
-8. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test.
+7. **Set up the Take a Test app** configures the device for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. Windows will lock down the student PC so that students can't access anything else while taking the test.
 
     ![Configure the Take a Test app](images/suspc_takeatest.png)
 
@@ -104,36 +113,37 @@ If you've previously used Set up School PCs to provision student devices, you ca
 
   3. Enter the assessment URL. 
 
-9. **Add recommended apps** lets you choose from a set of recommended Microsoft Store apps to provision. The recommended apps include the following:
+8. **Add recommended apps** lets you choose from a set of recommended Microsoft Store apps to provision. 
-  * **Office 365 for Windows 10 S (Education Preview)** - This is perfect for the Trial in a Box PCs. If you try to install this app on other editions of Windows 10, setup will fail.
+
+    ![Recommended apps in Set up School PCs package configuration](images/suspc_configure_recommended_apps.png)
+
+    The recommended apps include the following:
+    * **Office 365 for Windows 10 S (Education Preview)** - This is optional, but works well for the Trial in a Box PCs. If you try to install this app on other editions of Windows 10, setup will fail. Also note that if you select **Office 365 for Windows 10 S (Education Preview)**, it will take about 30-45 minutes longer for Set up School PCs to create the provisioning package as the app downloads Office 365 for Windows 10 S (Education Preview) from the Microsoft Store.
     * **Minecraft: Education Edition** - Don't select this. This is already provisioned as part of your tenant.
     * **Other apps fit for the classroom** - Optional. Choose other recommended apps to install on the PC.
 
-10. **Review package summary**. 
+9. **Review package summary**. 
 
     To change any of the settings, select the page or section (such as **Sign-in** or **Settings**) to go back to that page and make your changes.
 
     ![Select the section or page name to make a change](images/suspc_review_summary.png)
 
-11. Accept the summary and then insert a USB drive in **Device A**. Use the USB drive that came in the Trial in a Box accessories box to save the provisioning package.
+10. Accept the summary and then insert a USB drive in **Device A**. Use the USB drive that came in the Trial in a Box accessories box to save the provisioning package.
-12. Select the drive and then **Save** to create the provisioning package. 
+11. Select the drive and then **Save** to create the provisioning package. 
 
     The provisioning package on your USB drive will be named SetUpSchoolPCs_*ABCDE* (Expires *MM-DD-YYYY*).ppkg, where *ABCDE* is the device name you added (if any), and *MM-DD-YYYY* is the month, day, and year when the package will expire.
     
     > [!NOTE]
-    > If you selected **Office 365 for Windows 10 S (Education Preview)**, it will take longer for Set up School PCs to create the provisioning package. During this time, you can jump ahead to task 3, [Intune for Education express configuration](#task3), and then finish the rest of task 2 afterwards.
+    > If you selected **Office 365 for Windows 10 S (Education Preview)**, this step will take about 30-45 minutes. You can jump ahead to task 3, [Express configure Intune for Education to manage devices, users, and policies](#task3), and then finish the rest of task 2 afterwards.
 
-13. Follow the instructions in the **Get the student PCs ready** page to start setting up **Device B**. 
+12. Follow the instructions in the **Get the student PCs ready** page to start setting up **Device B**. 
-14. Follow the instructions in the **Install the package** page to apply the provisioning package to **Device B**. For more guidance, you can follow the steps in [Apply the provisioning package](#apply-the-provisioning-package).
+13. Follow the instructions in the **Install the package** page to apply the provisioning package to **Device B**. For more guidance, you can follow the steps in [Apply the provisioning package](#apply-the-provisioning-package).
 
     Select **Create new package** if you need to create a new provisioning package. Otherwise, remove the USB drive.
 
 ### Apply the provisioning package
 A provisioning package is a method for applying settings to Windows 10 without needing to reimage the device. 
 
-> [!NOTE]
-> We recommend connecting **Device B** to an Ethernet or wired connection for the best provisioning experience.
-
 **Set up Device B using the Set up School PCs provisioning package**
 
 1. Start with **Device B** turned off or with the PC on the first-run setup screen. In Windows 10 S Fall Creators Update, the first-run setup screen says **Let's start with region. Is this right?**. 
@@ -149,7 +159,10 @@ A provisioning package is a method for applying settings to Windows 10 without n
 
 You can complete the rest of the IT admin tasks using **Device A**.
 
-## <a name="task3"></a>3. Go through Intune for Education express configuration
+</br>
+
+![Express configure Intune for Education](images/admin-TIB-setp-3-jump.png) 
+## <a name="it-task3"></a>3. Express configure Intune for Education to manage devices, users, and policies
 Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
 
 1. Log into the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>. 
@@ -177,7 +190,10 @@ Intune for Education provides an **Express configuration** option so you can get
 8. Click **Next** and review the list of apps and settings you selected to apply.
 9. Click **Save** and then click **All done** to go back to the dashboard.
 
-## <a name="task4"></a>4. Buy and deploy apps
+</br>
+
+![Find apps from the Microsoft Store for Education](images/admin-TIB-setp-4-jump.png) 
+## <a name="it-task4"></a>4. Find apps from the Microsoft Store for Education and deploy them to managed devices in your tenant
 The Microsoft Store for Education is where you can shop for more apps for your school.
 
 1. In Intune for Education, select **Apps**. 
@@ -208,7 +224,10 @@ The Microsoft Store for Education is where you can shop for more apps for your s
     > [!NOTE]  
     > Sync happens automatically, but it may take up to 36 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps.
 
-## <a name="task5"></a>5. Add new folders to all devices in your tenant
+</br>
+
+![Create custom folders that appear on managed devices](images/admin-TIB-setp-5-jump.png) 
+## <a name="it-task5"></a>5. Create custom folders that will appear on each managed device's Start menu
 Update settings for all devices in your tenant by adding the **Documents** and **Downloads** folders to all devices managed in Intune for Education.
 
 1. Go to the <a href="https://intuneeducation.portal.azure.com/" target="_blank">Intune for Education console</a>.
@@ -219,12 +238,19 @@ Update settings for all devices in your tenant by adding the **Documents** and *
 
 4. **Save** your changes.
 
-## <a name="othertasks"></a>Other tasks
+## <a name="othertasks"></a>Verify correct device setup and other IT admin tasks
-Looking for other IT admin tasks to try? 
+Follow these instructions to confirm if you configured your tenant correctly and the right apps and settings were applied to all users or devices on your tenant:
+
 * [Verify correct device setup](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#verify-correct-device-setup) 
+
     1. Confirm that the apps you bought from the Microsoft Store for Education appear in the Windows Start screen's **Recently added** section.
+
+        > [!NOTE]
+        > It may take some time before the apps appear on your devices. When you select **Start**, some apps may show up under **Recently added** while others may say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps down to your devices. 
+
     2. Confirm that the folders you added, if you chose to customize the Windows interface from Intune for Education, appear in the Start menu.
     3. If you added **Office 365 for Windows 10 S (Education Preview)** to the package and provisioned **Device B** with it, you need to click on one of the Office apps in the **Start** menu to complete app registration. 
+
 * [Verify the device is Azure AD joined](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#verify-the-device-is-azure-ad-joined) - Confirm that your devices are being managed in Intune for Education.
 * [Add more users](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#add-more-users) - Go to the Office 365 admin center to add more users.
 * Get app updates (including updates for Office 365 for Windows 10 S)
@@ -233,6 +259,8 @@ Looking for other IT admin tasks to try?
     3. In the **Downloads and updates** page, click **Get updates**.
 * [Try the BYOD scenario](https://docs.microsoft.com/en-us/education/get-started/finish-setup-and-other-tasks#connect-other-devices-to-your-cloud-infrastructure) 
 
+
 ## Get more info
-[Microsoft Education documentation and resources](https://docs.microsoft.com/education/)
+* Learn more at <a href="https://www.microsoft.com/education" target="_blank">microsoft.com/education</a>
-[Microsoft Education Trial in a Box](index.md)
+* Find out if your school is eligible for a device trial at <a href="https://aka.ms/EDUTrialInABox" target="_blank">aka.ms/EDUTrialInABox</a>
+* <a href="https://www.microsoft.com/en-us/education/devices/default.aspx" target="_blank">Buy Windows 10 devices</a>

education/trial-in-a-box/support-options.md

@@ -1,5 +1,5 @@
 ---
-title: Microsoft Education Trial in a Box support
+title: Microsoft Education Trial in a Box Support
 description: Need help or have a question about using Microsoft Education Trial in a Box? Start here. 
 keywords: support, troubleshooting, education, Microsoft 365 Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs
 ms.prod: w10
@@ -14,13 +14,10 @@ ms.author: celested
 ms.date: 12/11/2017
 ---
 
-# Microsoft Education Trial in a Box support
+# Microsoft Education Trial in a Box Support
 Need help or have a question about using Microsoft Education? Start here.
 
-## Troubleshooting tips
+## 1. Confirm your admin contact information is current
-
-### Update your admin contact info
-Update your admin contact info in the Office 365 admin center to help recover your account if you lose access.
 
 1. Go to the <a href="https://portal.office.com/adminportal/home" target="_blank">Office 365 admin center</a> and sign in with your Office 365 admin credentials.
 2. In the admin center dashboard, select your profile on the upper righthand corner and select **My account** from the options.
@@ -31,25 +28,15 @@ Update your admin contact info in the Office 365 admin center to help recover yo
 
   ![Complete your contact details](images/o365_adminaccountinfo.png)
 
-### Recover your password
+4. Click **Save**.
-Forget your password? Follow these steps to recover it.
 
-1. Go to <a href="https://portal.office.com/" target="_blank">https://portal.office.com</a>
+## 2. Request a call back
-2. Select **Can't access your account** and follow the prompts to get back into your account.
 
-  ![Recover your account](images/officeportal_cantaccessaccount.png)
+1. Click the **Need help?** button in the lower right-hand corner of the Office 365 console.
-
-## Microsoft Education support
-When you need help setting up your device or have a question about using Microsoft Education, follow these steps.
-
-1. Go to the <a href="https://portal.office.com/adminportal/home" target="_blank">Office 365 admin center</a> and sign in with your Office 365 admin credentials.
-2. Select **Need help?** at the bottom of the page.
 
   ![Select Need help to get support](images/o365_needhelp.png)
 
-3. Choose how you want to get help.
+  You will see a sidebar window open up on the right-hand side of the screen.
-  * To see available solutions or answers to your question, type your question in the **Need help?** field and select **Get help** to see a list of available solutions including articles.
-  * To talk directly to a support representative, in **Let us call you**, enter the phone number where you can be reached. This section also shows you the expected wait time.
 
   ![Option to have a support representative call you](images/o365_needhelp_callingoption.png)
 
@@ -57,5 +44,23 @@ When you need help setting up your device or have a question about using Microso
 
   ![Track your support tickets](images/o365_needhelp_supporttickets.png)
 
+2. Click the **question button** ![Question button](images/o365_needhelp_questionbutton.png) in the top navigation of the sidebar window.
+3. In the field below **Need help?**, enter a description of your help request.
+4. Click the **Get help button**.
+5. In the **Let us call you** section, enter a phone number where you can be reached.
+6. Click the **Call me** button.
+7. A Microsoft Education support representative will call you back.
+
+## Forgot your password?
+Forget your password? Follow these steps to recover it.
+
+1. Go to <a href="https://portal.office.com/" target="_blank">https://portal.office.com</a>
+2. Select **Can't access your account** and follow the prompts to get back into your account.
+
+  ![Recover your account](images/officeportal_cantaccessaccount.png)
+
+
+
+
 ## Get more info
 [Microsoft Education Trial in a Box](index.md)

windows/access-protection/credential-guard/credential-guard-manage.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: brianlic-msft
-ms.date: 08/17/2017
+ms.date: 01/12/2018
 ---
 
 # Manage Windows Defender Credential Guard
@@ -123,9 +123,9 @@ DG_Readiness_Tool_v3.2.ps1 -Ready
 
 > [!NOTE]
 
-For client machines that are running Windows 10 1703, LSAIso is running whenever Virtualization based security is enabled for other features.
+For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features.
 
--   If Windows Defender Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Windows Defender Credential Guard should be enabled before the PC is joined to a domain.
+-   We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible.  
 
 -   You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for:
     -   **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.

windows/access-protection/credential-guard/credential-guard-requirements.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: brianlic-msft
-ms.date: 08/17/2017
+ms.date: 01/12/2018
 ---
 
 # Windows Defender Credential Guard: Requirements
@@ -73,6 +73,8 @@ Applications will prompt and expose credentials to risk if they require:
 
 Applications may cause performance issues when they attempt to hook the isolated Windows Defender Credential Guard process. 
 
+Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard. 
+
 See this video: [Credentials Protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474)
 
 

windows/access-protection/remote-credential-guard.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 08/28/2017
+ms.date: 01/12/2018
 ---
 #  Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
 
@@ -162,7 +162,7 @@ mstsc.exe /remoteGuard
 
 - Windows Defender Remote Credential Guard does not support compound authentication. For example, if you’re trying to access a file server from a remote host that requires a device claim, access will be denied.
 
-- Windows Defender Remote Credential Guard cannot be used to connect to a device that is not domain-joined to Active Directory, for example, remote hosts joined to Azure Active Directory. 
+- Windows Defender Remote Credential Guard can be used only when connecting to a device that is joined to a Windows Server Active Directory domain, including AD domain-joined servers that run as Azure virtual machines (VMs). Windows Defender Remote Credential Guard cannot be used when connecting to remote devices joined to Azure Active Directory. 
 
 - Remote Desktop Credential Guard only works with the RDP protocol.
 

windows/application-management/manage-windows-mixed-reality.md

@@ -25,9 +25,9 @@ Windows 10, version 1709 (also known as the Fall Creators Update), introduces [W
 
 To enable users to download the Windows Mixed Reality software, enterprises using WSUS can approve Windows Mixed Reality package by unblocking the following KBs:
   
-- KB4016509
+- KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems
-- KB3180030
+- KB3180030: language packs
-- KB3197985
+- KB3197985: language packs
  
 Enterprises devices running Windows 10, version 1709, will not be able to install Windows Mixed Reality Feature on Demand (FOD) directly from WSUS. Instead, use one of the following options to install Windows Mixed Reality software:
 

windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md

@@ -0,0 +1,11 @@
+# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal 
+
+Go to your Azure AD Blade, select the Mobility (MDM and MAM) and there should be the Microsoft Intune "App" Visible, select the Microsoft Intune and configure the Blade 
+
+![How to get to the Blade](images/azure-mdm-intune.png) 
+
+Configure the Blade                                                                      
+
+![Configure the Blade](images/azure-intune-configure-scope.png) 
+
+Select all for allow all users to enroll a Device and make it Intune ready, or Some, then you can add a Group of Users. 

windows/client-management/mdm/cm-cellularentries-csp.md

@@ -192,6 +192,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
 -   Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB  
 -   Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364  
 -   Application - 52D7654A-00A8-4140-806C-087D66705306
+-   eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0
 
 ## Additional information
 

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -2442,7 +2442,7 @@ You can download the DDF files for various CSPs from the links below:
 The following list shows the configuration service providers supported in Windows Holographic editions.
 
 | Configuration service provider        | Windows Holographic edition      | Windows Holographic for Business edition |
-|-------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------------|
+|--------|--------|------------|
 | [Application CSP](application-csp.md)   | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 | [AppLocker CSP](applocker-csp.md)      | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [CertificateStore CSP](certificatestore-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)|
@@ -2456,6 +2456,7 @@ The following list shows the configuration service providers supported in Window
 | [DMClient CSP](dmclient-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [NodeCache CSP](nodecache-csp.md)  | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
+[PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
 | [Policy CSP](policy-configuration-service-provider.md)    | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [RootCATrustedCertificates CSP](rootcacertificates-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |
 | [Update CSP](update-csp.md)     | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |

windows/client-management/mdm/mdm-enrollment-of-windows-devices.md

@@ -112,7 +112,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
     If the tenant is a cloud-only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
 
-    Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
+    Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
 
     ![azure ad signin](images/unifiedenrollment-rs1-13.png)
 

windows/client-management/mdm/mobile-device-enrollment.md

@@ -82,7 +82,7 @@ Value: DisableRegistration
 The following scenarios do not allow MDM enrollments:
 
 -   Built-in administrator accounts on Windows desktop cannot enroll into MDM.
--   Prior to Windows 10, version 1709, standard users on Windows desktop cannot enroll into MDM via the Work access page in **Settings**. Only admin users can enroll. To enroll a standard user into MDM, we recommend using a provisioning package or joining the device to Azure AD from **Settings** -> **System** -> **About**. Starting in Windows 10, version 1709, standard users can enroll in MDM.
+-   Standard users cannot enroll in MDM. Only admin users can enroll.
 -   Windows 8.1 devices enrolled into MDM via enroll-on-behalf-of (EOBO) can upgrade to Windows 10, but the enrollment is not supported. We recommend performing a server initiated unenroll to remove these enrollments and then enrolling after the upgrade to Windows 10 is completed.
 
 ## Enrollment migration

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/08/2018
+ms.date: 01/12/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1037,6 +1037,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
 <li>DeviceGuard/RequirePlatformSecurityFeatures</li>
 <li>DeviceGuard/LsaCfgFlags</li>
+<li>DeviceLock/MinimumPasswordAge</li>
 <li>ExploitGuard/ExploitProtectionSettings</li>
 <li>Games/AllowAdvancedGamingServices</li>
 <li>Handwriting/PanelDefaultModeDocked</li>
@@ -1085,8 +1086,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>Education/PrinterNames</li>
 <li>Search/AllowCloudSearch</li>
 <li>Security/ClearTPMIfNotReady</li>
+<li>Settings/AllowOnlineTips</li>
 <li>Start/HidePeopleBar</li>
 <li>Storage/AllowDiskHealthModelUpdates</li>
+<li>System/DisableEnterpriseAuthProxy </li>
 <li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
 <li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
 <li>Update/DisableDualScan</li>
@@ -1402,6 +1405,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <ul>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
+<li>Browser/AlwaysEnableBooksLibrary</li>
 <li>Browser/EnableExtendedBooksTelemetry</li>
 <li>Browser/UseSharedFolderForBooks</li>
 <li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</li>
@@ -1452,6 +1456,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li> 
 <li>Search/AllowCortanaInAAD</li>
 <li>Search/DoNotUseWebResults</li>
+<li>Security/ConfigureWindowsPasswords</li>
 <li>SystemServices/ConfigureHomeGroupListenerServiceStartupMode</li>
 <li>SystemServices/ConfigureHomeGroupProviderServiceStartupMode</li>
 <li>SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</li>
@@ -1460,6 +1465,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</li>
 <li>TaskScheduler/EnableXboxGameSaveTask</li>
 <li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</li>
+<li>Update/ConfigureFeatureUpdateUninstallPeriod</li>
 <li>UserRights/AccessCredentialManagerAsTrustedCaller</li>
 <li>UserRights/AccessFromNetwork</li>
 <li>UserRights/ActAsPartOfTheOperatingSystem</li> 
@@ -1495,6 +1501,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>WindowsDefenderSecurityCenter/HideSecureBoot</li>
 <li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting</li> 
 </ul>
+<p>Added the following policies the were added in Windows 10, version 1709</p>
+<ul>
+<li>DeviceLock/MinimumPasswordAge</li>
+<li>Settings/AllowOnlineTips</li>
+<li>System/DisableEnterpriseAuthProxy </li>
+</ul>
 </tbody>
 </table>
 

windows/client-management/mdm/passportforwork-csp.md

@@ -54,6 +54,7 @@ The following diagram shows the PassportForWork configuration service provider i
 
 <a href="" id="tenantid-policies-excludesecuritydevices--only-for---device-vendor-msft-"></a>***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Root node for excluded security devices.
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="tenantid-policies-excludesecuritydevices-tpm12--only-for---device-vendor-msft-"></a>***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG).
@@ -178,27 +179,37 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl
 
 <a href="" id="tenantid-policies-remote--only-for---device-vendor-msft-"></a>***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511.
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="tenantid-policies-remote-useremotepassport--only-for---device-vendor-msft-"></a>***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511.
 
 <p style="margin-left: 20px">Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled.
 
+
+
 <p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+
 <a href="" id="usebiometrics"></a>**UseBiometrics**  
 <p style="margin-left: 20px">This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
 
 <a href="" id="biometrics--only-for---device-vendor-msft-"></a>**Biometrics** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Node for defining biometric settings. This node was added in Windows 10, version 1511.
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
 
 <a href="" id="biometrics-usebiometrics--only-for---device-vendor-msft-"></a>**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
 
 <p style="margin-left: 20px">Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
 
+
+
 <p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+
 <a href="" id="biometrics-facialfeaturesuseenhancedantispoofing--only-for---device-vendor-msft-"></a>**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)  
 <p style="margin-left: 20px">Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.
 
@@ -208,8 +219,12 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl
 
 <p style="margin-left: 20px">Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
 
+
+
 <p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
+<p style="margin-left: 20px">*Not supported on Windows Holographic and Windows Holographic for Business.*
+
 ## Examples
 
 <p style="margin-left: 20px">Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/17/2017
+ms.date: 01/12/2018
 ---
 
 # Policy CSP
@@ -950,6 +950,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-mindevicepasswordlength" id="devicelock-mindevicepasswordlength">DeviceLock/MinDevicePasswordLength</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-minimumpasswordage" id="devicelock-minimumpasswordage">DeviceLock/MinimumPasswordAge</a>
+  </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow" id="devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
@@ -2550,6 +2553,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-security.md#security-cleartpmifnotready" id="security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
   </dd>
+  <dd>
+    <a href="#./policy-csp-security.mdsecurity-configurewindowspasswords" id="security.mdsecurity-configurewindowspasswords">Security/ConfigureWindowsPasswords</a>
+  </dd>
   <dd>
     <a href="./policy-csp-security.md#security-preventautomaticdeviceencryptionforazureadjoineddevices" id="security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
   </dd>
@@ -2582,6 +2588,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-settings.md#settings-allowlanguage" id="settings-allowlanguage">Settings/AllowLanguage</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowonlinetips" id="settings-allowonlinetips">Settings/AllowOnlineTips</a>
+  </dd>
   <dd>
     <a href="./policy-csp-settings.md#settings-allowpowersleep" id="settings-allowpowersleep">Settings/AllowPowerSleep</a>
   </dd>
@@ -2903,6 +2912,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-branchreadinesslevel" id="update-branchreadinesslevel">Update/BranchReadinessLevel</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-configurefeatureupdateuninstallperiod" id="update-configurefeatureupdateuninstallperiod">Update/ConfigureFeatureUpdateUninstallPeriod</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-deferfeatureupdatesperiodindays" id="update-deferfeatureupdatesperiodindays">Update/DeferFeatureUpdatesPeriodInDays</a>
   </dd>
@@ -3785,6 +3797,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Privacy/PublishUserActivities](#privacy-publishuseractivities)  
 -   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
 -   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)  
+-   [Start/StartLayout](#start-startlayout)
 -   [System/AllowFontProviders](#system-allowfontproviders)  
 -   [System/AllowLocation](#system-allowlocation)  
 -   [System/AllowTelemetry](#system-allowtelemetry)  

windows/client-management/mdm/policy-csp-browser.md

@@ -1009,6 +1009,30 @@ The following list shows the supported values:
 <!--StartPolicy-->
 <a href="" id="browser-alwaysenablebookslibrary"></a>**Browser/AlwaysEnableBooksLibrary**  
 
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
@@ -1022,14 +1046,14 @@ The following list shows the supported values:
 <!--StartDescription-->
 <p style="margin-left: 20px">
 
-<p style="margin-left: 20px">This is only a placeholder.
+<p style="margin-left: 20px">Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge
 
 <!--EndDescription-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 - TBD.
+-   0 (default) - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available.
--   1 - TBD.
+-   1 - Enable. Always show the Books Library, regardless of countries or region of activation.
 
 <!--/SupportedValues-->
 <!--EndPolicy-->
@@ -1242,14 +1266,16 @@ The following list shows the supported values:
 
 <!--EndScope-->
 <!--StartDescription-->
-This setting allows organizations to send extended telemetry on book usage from the Books Library.
+This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge.
+
+If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration.
 
 <!--EndDescription-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 (default) - Disable. Telemetry does not contain the ProductId in regular books telemetry events.
+-   0 (default) - Disable. No additional telemetry.
--   1 - Enable. Activating this setting allows Microsoft Edge to send the ProductId of Store books purchased from the Store through the telemetry for regular books telemetry events.
+-   1 - Enable. Additional telemetry for schools.
 
 
 <!--/SupportedValues-->

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -287,7 +287,7 @@ Added in Windows 10, next major update. This policy allows you to delay the use
 
 After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers.
 
-Value of 0 equals "unlimited" which means the download will not progress unless a peer source is found. Note that a download that is waiting for peer sources, will appear to be stuck for the end user.
+Note that a download that is waiting for peer sources, will appear to be stuck for the end user.
 
 The recommended value is 1 minute (60).
 
@@ -1049,46 +1049,8 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
 
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartScope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--EndScope-->
 <!--StartDescription-->
-> [!NOTE]
+This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead.
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
- 
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
-
-<p style="margin-left: 20px">The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
 
 <!--EndDescription-->
 <!--EndPolicy-->

windows/client-management/mdm/policy-csp-devicelock.md

@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/14/2017
+ms.date: 01/12/2018
 ---
 
 # Policy CSP - DeviceLock
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -61,6 +63,9 @@ ms.date: 12/14/2017
   <dd>
     <a href="#devicelock-mindevicepasswordlength">DeviceLock/MinDevicePasswordLength</a>
   </dd>
+  <dd>
+    <a href="#devicelock-minimumpasswordage">DeviceLock/MinimumPasswordAge</a>
+  </dd>
   <dd>
     <a href="#devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
@@ -115,7 +120,6 @@ ms.date: 12/14/2017
 > [!NOTE]
 > This policy must be wrapped in an Atomic command.
 
-
 <!--EndDescription-->
 <!--SupportedValues-->
 The following list shows the supported values:
@@ -918,6 +922,60 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
+<a href="" id="devicelock-minimumpasswordage"></a>**DeviceLock/MinimumPasswordAge**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartScope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--EndScope-->
+<!--StartDescription-->
+This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
+
+The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
+
+Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
+
+<!--EndDescription-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--EndPolicy-->
+<hr/>
+<!--StartPolicy-->
 <a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
 
 <!--StartSKU-->

windows/client-management/mdm/policy-csp-security.md

@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/14/2017
+ms.date: 01/16/2018
 ---
 
 # Policy CSP - Security
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -37,6 +39,9 @@ ms.date: 12/14/2017
   <dd>
     <a href="#security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
   </dd>
+  <dd>
+    <a href="#security-configurewindowspasswords">Security/ConfigureWindowsPasswords</a>
+  </dd>
   <dd>
     <a href="#security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
   </dd>
@@ -352,6 +357,63 @@ The following list shows the supported values:
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
+<a href="" id="security-configurewindowspasswords"></a>**Security/ConfigureWindowsPasswords**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartScope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--EndScope-->
+<!--StartDescription-->
+Added in Windows 10, next major update. Configures the use of passwords for Windows features.
+
+> [!Note]
+> This policy is only supported in Windows 10 S.
+
+<!--EndDescription-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-  0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features)
+-  1- Allow passwords (Passwords continue to be allowed to be used for Windows features)
+-  2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords")
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--EndPolicy-->
+<hr/>
+<!--StartPolicy-->
 <a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
 
 <!--StartSKU-->

windows/client-management/mdm/policy-csp-settings.md

@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/14/2017
+ms.date: 12/19/2017
 ---
 
 # Policy CSP - Settings
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -34,6 +36,9 @@ ms.date: 12/14/2017
   <dd>
     <a href="#settings-allowlanguage">Settings/AllowLanguage</a>
   </dd>
+  <dd>
+    <a href="#settings-allowonlinetips">Settings/AllowOnlineTips</a>
+  </dd>
   <dd>
     <a href="#settings-allowpowersleep">Settings/AllowPowerSleep</a>
   </dd>
@@ -313,6 +318,57 @@ The following list shows the supported values:
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
+<a href="" id="settings-allowonlinetips"></a>**Settings/AllowOnlineTips**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup>3</td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup>3</td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup>3</td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup>3</td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartScope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--EndScope-->
+<!--StartDescription-->
+Enables or disables the retrieval of online tips and help for the Settings app.
+
+If disabled, Settings will not contact Microsoft content services to retrieve tips and help content.
+<!--EndDescription-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--EndPolicy-->
+<hr/>
+<!--StartPolicy-->
 <a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**  
 
 <!--StartSKU-->

windows/client-management/mdm/policy-csp-update.md

@@ -57,6 +57,9 @@ ms.date: 12/19/2017
   <dd>
     <a href="#update-branchreadinesslevel">Update/BranchReadinessLevel</a>
   </dd>
+  <dd>
+    <a href="#update-configurefeatureupdateuninstallperiod">Update/ConfigureFeatureUpdateUninstallPeriod</a>
+  </dd>
   <dd>
     <a href="#update-deferfeatureupdatesperiodindays">Update/DeferFeatureUpdatesPeriodInDays</a>
   </dd>
@@ -751,6 +754,42 @@ The following list shows the supported values:
 -  16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
 -  32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
 
+<!--/SupportedValues-->
+<!--EndPolicy-->
+<hr/>
+<!--StartPolicy-->
+<a href="" id="update-configurefeatureupdateuninstallperiod"></a>**Update/ConfigureFeatureUpdateUninstallPeriod**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+
+<!--EndDescription-->
+<!--SupportedValues-->
+
 <!--/SupportedValues-->
 <!--EndPolicy-->
 <hr/>
@@ -2393,7 +2432,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
 
 <!--EndScope-->
 <!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. For devices in a cart, this policy skips the check for battery level to ensure that the reboot will happen at ScheduledInstallTime.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
 
 <p style="margin-left: 20px">The following list shows the supported values:
 

windows/configuration/TOC.md

@@ -55,6 +55,7 @@
 ### [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md)
 ### [Send feedback about Cortana at work back to Microsoft](cortana-at-work/cortana-at-work-feedback.md)
 ## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md)
+## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md)
 ## [Provisioning packages for Windows 10](provisioning-packages/provisioning-packages.md)
 ### [How provisioning works in Windows 10](provisioning-packages/provisioning-how-it-works.md)
 ### [Introduction to configuration service providers (CSPs)](provisioning-packages/how-it-pros-can-use-configuration-service-providers.md)

windows/configuration/basic-level-windows-diagnostic-events-and-fields.md

@@ -1563,7 +1563,7 @@ The following fields are available:
 - **IsPortableOperatingSystem**  Retrieves whether OS is running Windows-To-Go
 - **IsSecureBootEnabled**  Retrieves whether Boot chain is signed under UEFI.
 - **LanguagePacks**  The list of language packages installed on the device.
-- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
+- **LicenseStateReason**  Retrieves why (or how) a system is licensed or unlicensed.  The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the Microsoft Store.
 - **OA3xOriginalProductKey**  Retrieves the License key stamped by the OEM to the machine.
 - **OSEdition**  Retrieves the version of the current OS.
 - **OSInstallDateTime**  Retrieves the date the OS was installed using ISO 8601 (Date part) == yyyy-mm-dd

windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md

@@ -35,7 +35,7 @@ This topic describes how to update Group Policy settings to display a customized
 ## Operating system requirements
 
 
-Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education, version 1607. Start and taskbar layout control is supported in Windows 10 Pro in Windows 10, version 1703.
+In Windows 10, version 1607, Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education. In Windows 10, version 1703, Start and taskbar layout control using Group Policy is also supported in Windows 10 Pro.
 
 The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](https://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base.
 

windows/configuration/index.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 10/17/2017
+ms.date: 01/15/2018
 ---
 
 # Configure Windows 10
@@ -33,6 +33,7 @@ Enterprises often need to apply custom configurations to devices for their users
 | [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md) | A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default. |
 | [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) | The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.  |
 | [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md) | IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. |
+| [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) | Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. This topic helps IT administrators learn about built-in accessibility features. |
 | [Provisioning packages for Windows 10](provisioning-packages/provisioning-packages.md) | Learn how to use the Windows Configuration Designer and provisioning packages to easily configure multiple devices. |
 | [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md) | Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. |
 | [Change history for Configure Windows 10](change-history-for-configure-windows-10.md) | This topic lists new and updated topics in the Configure Windows 10 documentation for Windows 10 and Windows 10 Mobile. |

windows/configuration/provisioning-packages/provisioning-script-to-install-app.md

@@ -138,7 +138,7 @@ This is an example script with logging that shows how to run a powershell script
 set LOGFILE=%SystemDrive%\my_powershell_script.log
 echo Running my_powershell_script.ps1 in system context >> %LOGFILE%
 echo Executing "PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1" >> %LOGFILE%
-PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1' >> %LOGFILE%
+PsExec.exe -accepteula -i -s cmd.exe /c 'powershell.exe my_powershell_script.ps1' >> %LOGFILE%
 echo result: %ERRORLEVEL% >> %LOGFILE%
 ```
 

windows/configuration/windows-10-accessibility-for-ITPros.md

@@ -0,0 +1,86 @@
+---
+title: Windows 10 accessibility information for IT Pros (Windows 10)
+description:  
+ms.prod: W10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jaimeo
+ms.localizationpriority: high
+ms.date: 01/12/2018
+---
+
+# Accessibility information for IT Professionals 
+Microsoft is dedicated to making its products and services accessible and usable for everyone. Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. 
+This topic helps IT administrators learn about built-in accessibility features, and includes a few recommendations for how to support people in your organization who use these features.
+
+## General recommendations
+-	**Be aware of Ease of Access settings** – Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10. 
+-	**Do not block settings** – Avoid using Group Policy or MDM settings that override Ease of Access settings. 
+-	**Encourage choice** – Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
+
+## Vision
+
+| Accessibility feature | Description |
+|---------------------------|------------|
+| [Use Narrator to use devices without a screen](https://support.microsoft.com/help/22798/windows-10-narrator-get-started) | Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices.|
+| [Create accessible apps](https://developer.microsoft.com/windows/accessible-apps) | You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.|
+| Use keyboard shortcuts for [Windows](https://support.microsoft.com/help/12445/windows-keyboard-shortcuts), [Narrator](https://support.microsoft.com/en-us/help/22806), and [Magnifier](https://support.microsoft.com/en-us/help/13810) | Get the most out of Windows with shortcuts for apps and desktops.|
+| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers a variety of configuration settings.|
+| [Cursor and pointer adjustments](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
+| [Customize the size](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) of screen items | You can adjust the size of text, icons, and other screen items to make them easier to see.|
+| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | A number of high-contrast themes are available to suit your needs.|
+| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
+| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
+| [Read in Braille](https://support.microsoft.com/help/4004263) | Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.|
+
+## Hearing
+
+| Accessibility feature | Description |
+|---------------------------|------------|
+| [Transcribe with Translator](https://www.skype.com/en/features/skype-translator) | Translator can transcribe voice to text so you won’t miss what’s being said. |
+| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on a variety of platforms and devices, so you don’t have to worry about whether your co-workers, friends and family can communicate with you.|
+| [Get visual notifications for sounds](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | You can replace audible alerts with visual alerts.|
+| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear)|If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
+| [Read spoken words with closed captioning](https://support.microsoft.com/help/21055/windows-10-closed-caption-settings) | You can customize things like color, size, and background transparency to suit your needs and tastes.|
+| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those with partial hearing loss or deafness in one ear.|
+
+## Physical
+
+| Accessibility feature | Description|
+|---------------------------|------------|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| [Live Tiles](https://support.microsoft.com/help/17176/windows-10-organize-your-apps)| Because Live Tiles display constantly updated information for many apps, you don't have to bother actually opening them. You can arrange, resize, and move tiles as needed.| 
+| [Keyboard assistance features](https://support.microsoft.com/help/27936)| You can personalize your keyboard to ignore repeated keys and do other helpful things if you have limited control of your hands.|
+| [Mouse Keys](https://support.microsoft.com/help/27936)|If a mouse is difficult to use, you can control the pointer by using your numeric keypad.|
+
+## Cognition
+
+| Accessibility feature | Description|
+|---------------------------|------------|
+| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
+| [Use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721) | Fluent Sitka Small and Fluent Calibri are fonts that address "visual crowding" by adding character and enhance word and line spacing. |
+| [Edge Reading View](https://support.microsoft.com/help/17204/windows-10-take-your-reading-with-you) | Clears distracting content from web pages so you can stay focused on what you really want to read. |
+| [Edge includes an e-book reader](https://support.microsoft.com/help/4014945) | The Microsoft Edge e-book reader includes options to increase text spacing and read text aloud to help make it easier for everyone to read and enjoy text, including people with learning differences like dyslexia and English language learners. |
+
+
+
+## Assistive technology devices built into Windows 10
+| Assistive technology | How it helps |
+|---------------------------|------------|
+| [Hear text read aloud with Narrator](https://support.microsoft.com/help/17173) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
+| [Use Speech Recognition]( https://support.microsoft.com/help/17208 ) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
+| [Save time with keyboard shortcuts]( https://support.microsoft.com/help/17189) | Keyboard shortcuts for apps and desktops.|
+
+## Additional resources
+[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
+
+[Designing accessible software]( https://msdn.microsoft.com/windows/uwp/accessibility/designing-inclusive-software)
+ 
+[Inclusive Design](https://www.microsoft.com/design/inclusive)
+

windows/deployment/planning/windows-10-enterprise-faq-itpro.md

@@ -43,6 +43,7 @@ For many devices, drivers will be automatically installed in Windows 10 and ther
     - [HP driver pack](http://www8.hp.com/us/en/ads/clientmanagement/drivers-pack.html)
     - [Dell driver packs for enterprise client OS deployment](http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment)
     - [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/documents/ht074984)
+    - [Panasonic Driver Pack for Enterprise](http://pc-dl.panasonic.co.jp/itn/drivers/driver_packages.html)
 
 ### Where can I find out if an application or device is compatible with Windows 10?
 

windows/device-security/applocker/understanding-applocker-rule-exceptions.md

@@ -20,7 +20,9 @@ This topic describes the result of applying AppLocker rule exceptions to rule co
 
 You can apply AppLocker rules to individual users or a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset.
 
-For example, the rule "Allow Everyone to run Windows except Registry Editor" allows everyone in the organization to run Windows but does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as help desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor." If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Helpdesk user group to run Registry Editor.
+For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but does not allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception of the rule).  
+The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks.  
+To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor" and add %WINDIR%\regedit.exe as an allowed path. If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Helpdesk user group to run Registry Editor.
 
 ## Related topics
 

windows/device-security/bitlocker/bitlocker-basic-deployment.md

@@ -523,7 +523,7 @@ Decryption with Windows PowerShell cmdlets is straightforward, similar to manage
 Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is:
 
 ``` syntax
-DisableBitLocker
+Disable-BitLocker
 ```
 If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:
 

windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md

@@ -32,7 +32,7 @@ Your environment needs the following hardware to run Windows Defender Applicatio
 |Input/Output Memory Management Unit (IOMMU) support|Not required, but strongly recommended|
 
 ## Software requirements
-Your environment needs the following hardware to run Windows Defender Application Guard.
+Your environment needs the following software to run Windows Defender Application Guard.
 
 |Software|Description|
 |--------|-----------|

windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -82,11 +82,11 @@ Disable Win32k system calls | Prevents an app from using the Win32k system call
 Do not allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
 Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
 Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
-Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
-Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
 Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](images/svg/check-no.svg)]
 Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
-Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
 
 >[!IMPORTANT]
 >If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:

windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md

@@ -95,5 +95,5 @@ You can review the Windows event log to see events that are created when Network
 
 Topic | Description 
 ---|---
-[Evaluate Network protection](evaluate-network-protection.md) | Undertake aa quick scenario that demonstrate how the feature works, and what events would typically be created.
+[Evaluate Network protection](evaluate-network-protection.md) | Undertake a quick scenario that demonstrate how the feature works, and what events would typically be created.
 [Enable Network protection](enable-network-protection.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage the Network protection feature in your network.