fixing merge conflict

browsers/edge/Index.md

@@ -16,6 +16,8 @@ localizationpriority: high
 - Windows 10
 - Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities.
 
 Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.

education/windows/school-get-minecraft.md

@@ -20,6 +20,12 @@ When you sign up for early access to [Minecraft Education Edition](http://educat
 
 ## Add Minecraft to your Windows Store for Business 
 
+You can start with the Minecraft: Education Edition trial to get individual copies of the app. For more information, see [Minecraft: Education Edition - individual copies](#individual-copies). 
+
+If you’ve been approved and are part of the Enrollment for Education Solutions program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license)
+
+### <a href="" id="individual-copies"></a>Minecraft: Education Edition - individual copies
+
 1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **Get the app**.
 
     ![Click Get the app](images/it-get-app.png) 
@@ -42,15 +48,33 @@ When you sign up for early access to [Minecraft Education Edition](http://educat
 
     ![Get Minecraft app in Store](images/minecraft-get-the-app.png)
 
-## Distribute Minecraft
+Now that the app is in your Store for Business inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
+
+### <a href="" id="volume-license"></a>Minecraft: Education Edition - volume license
+
+Qualified education institutions can purchase Minecraft: Education Edition volume licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this: 
+
+- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the copies will be available in [Windows Store for Business](https://www.microsoft.com/business-store) inventory. 
+- You’ll receive an email with a link to Windows Store for Business. 
+- Sign in to [Windows Store for Business](https://www.microsoft.com/business-store) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
+
+## <a href="" id="distribute-minecraft"></a>Distribute Minecraft
 
 After Minecraft Education Edition is added to your Windows Store for Business, you have three options:
 
 - You can install the app on your PC.
-- You can assign the app to others.  
+- You can assign the app to others. 
-- You can download the app to distribute. 
+- You can download the app to distribute.
 
-![App distribution options](images/mc-install-for-me-admin.png)
+Admins can also add Minecraft: Education Edition to the private store. This allows people in your organization to install the app from the private store. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store). 
+
+Here's the page you'll see for individual copies of **Minecraft: Education Edition**. 
+
+![App distribution options - individual copies](images/mc-install-for-me-admin.png)
+
+Here's the page you'll see for volume licensed copies of of **Minecraft: Education Edition**.
+
+![App distribution options - individual copies](images/wsfb-minecraft-vl.png)
 
 ### Install for me
 You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.   
@@ -81,22 +105,22 @@ Enter email addresses for your students, and each student will get an email with
 
 **To finish Minecraft install (for students)**
 
-Students will receive an email with a link that will install the app on their PC.
+1. Students will receive an email with a link that will install the app on their PC.</br>
 
-![Email with Get the app link](images/minecraft-student-install-email.png)
+    ![Email with Get the app link](images/minecraft-student-install-email.png)
 
-1. Click **Get the app** to start the app install in Windows Store app. 
+2. Click **Get the app** to start the app install in Windows Store app. 
-2. In Windows Store app, click **Install**. 
+3. In Windows Store app, click **Install**. 
 
-     ![Windows Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
+    ![Windows Store app with Minecraft page](images/minecraft-in-windows-store-app.png)
 
-After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
+    After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
 
-![Windows Store app showing access to My Library](images/minecraft-private-store.png) 
+    ![Windows Store app showing access to My Library](images/minecraft-private-store.png) 
 
-When students click **My Libarary** they'll find apps assigned to them.
+    When students click **My Libarary** they'll find apps assigned to them.
 
-![My Library for example student](images/minecraft-my-library.png) 
+    ![My Library for example student](images/minecraft-my-library.png) 
 
 ### Download for others
 Download for others allows teachers or IT admins to download a packages that they can install on student PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for younger students, and for shared computers. Choose this option when:
@@ -157,7 +181,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
 - Acquire and manage the app
 - Info on Support page (including links to documentation and access to support through customer service)
 
-![assign roles to manage Minecraft permissions](images/minecraft-perms.png)
+    ![assign roles to manage Minecraft permissions](images/minecraft-perms.png)
 
 **To assign Basic Purchaser role**
 
@@ -178,7 +202,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
     
     ![Permission page for Windows Store for Business](images/minecraft-assign-roles-2.png)
 
-## Private store
+## <a href="" id="private-store"></a>Private store
 
 When you create you Windows Store for Business account, you'll have a set of apps included for free in your private store. Apps in your private store are available for all people in your organization to install and use. 
 
@@ -191,7 +215,12 @@ These apps will automatically be in your private store:
 - Fresh Paint
 - Minecraft: Education Edition
 
-As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed. 
+As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed.  
+
+## Need more copies of Minecraft: Education Edition?
+You can purchase more licenses by working with your channel partner. Licenses are available at a lower rate than the price for individual copies that are available through Windows Store for Business. Individual copies are also available through Windows Store for Business. 
+
+If you’ve purchased a volume license, be sure to let other basic purchasers in your organization know about the volume license. That should help prevent unnecessary purchases of individual copies.
 
 ## Learn more
 

mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md

@@ -33,143 +33,36 @@ Because settings packages might contain personal information, you should take ca
 
     1.  Set the following share-level SMB permissions for the setting storage location folder.
 
-        <table>
+        | User account | Recommended permissions |
-        <colgroup>
+        | - | - |
-        <col width="50%" />
+        | Everyone | No permissions |
-        <col width="50%" />
+        |Security group of UE-V | Full control |
-        </colgroup>
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Security group of UE-V</p></td>
-        <td align="left"><p>Full control</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
 
     2.  Set the following NTFS file system permissions for the settings storage location folder.
 
-        <table>
+        | User account | Recommended permissions | Folder |
-        <colgroup>
+        | - | - | - |
-        <col width="33%" />
+        | Creator/Owner | No permissions | No permissions |
-        <col width="33%" />
+        | Domain Admins | Full control | This folder, subfolders, and files |
-        <col width="33%" />
+        | Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
-        </colgroup>
+        | Everyone | Remove all permissions | No permissions |
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        <th align="left">Folder</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Creator/Owner</p></td>
-        <td align="left"><p>No permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain Admins</p></td>
-        <td align="left"><p>Full control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Security group of UE-V users</p></td>
-        <td align="left"><p>List folder/read data, create folders/append data</p></td>
-        <td align="left"><p>This folder only</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>Remove all permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
 
     3.  Set the following share-level SMB permissions for the settings template catalog folder.
 
-        <table>
+        | User account | Recommend permissions |
-        <colgroup>
+        | - | - |
-        <col width="50%" />
+        | Everyone | No permissions |
-        <col width="50%" />
+        | Domain computers | Read permission Levels |
-        </colgroup>
+        | Administrators | Read/write permission levels |
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommend permissions</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain computers</p></td>
-        <td align="left"><p>Read permission Levels</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Administrators</p></td>
-        <td align="left"><p>Read/write permission levels</p></td>
-        </tr>
-        </tbody>
-        </table>
-
          
-
     4.  Set the following NTFS permissions for the settings template catalog folder.
 
-        <table>
+        | User account | Recommended permissions | Apply to |
-        <colgroup>
+        | - | - | - |
-        <col width="33%" />
+        | Creator/Owner | Full control | This folder, subfolders, and files |
-        <col width="33%" />
+        | Domain Computers | List folder contents and Read permissions | This folder, subfolders, and files|
-        <col width="33%" />
+        | Everyone| No permissions| No permissions|
-        </colgroup>
+        | Administrators| Full Control| This folder, subfolders, and files|
-        <thead>
-        <tr class="header">
-        <th align="left">User account</th>
-        <th align="left">Recommended permissions</th>
-        <th align="left">Apply to</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr class="odd">
-        <td align="left"><p>Creator/Owner</p></td>
-        <td align="left"><p>Full control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Domain Computers</p></td>
-        <td align="left"><p>List folder contents and Read permissions</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        <tr class="odd">
-        <td align="left"><p>Everyone</p></td>
-        <td align="left"><p>No permissions</p></td>
-        <td align="left"><p>No permissions</p></td>
-        </tr>
-        <tr class="even">
-        <td align="left"><p>Administrators</p></td>
-        <td align="left"><p>Full Control</p></td>
-        <td align="left"><p>This folder, subfolders, and files</p></td>
-        </tr>
-        </tbody>
-        </table>
-
-         
 
 ### Use Windows Server as of Windows Server 2003 to host redirected file shares
 

windows/keep-secure/block-untrusted-fonts-in-enterprise.md

@@ -12,6 +12,12 @@ localizationpriority: high
 ---
 
 # Block untrusted fonts in an enterprise
+**Applies to:**
+
+-   Windows 10
+
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
 
 ## What does this mean for me?

windows/keep-secure/bypass-traverse-checking.md

@@ -14,6 +14,8 @@ author: brianlic-msft
 **Applies to**
 -   Windows 10
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Describes the best practices, location, values, policy management, and security considerations for the **Bypass traverse checking** security policy setting.
 
 ## Reference

windows/keep-secure/credential-guard.md

@@ -15,7 +15,7 @@ author: brianlic-msft
 -   Windows 10
 -   Windows Server 2016
 
-Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
+Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
 
 Credential Guard offers the following features and solutions:
 
@@ -91,7 +91,7 @@ The PC must meet the following hardware and software requirements to use Credent
 <td>TPM 2.0</td>
 </tr>
 <tr>
-<td>Windows 10 version 1511 or later</td>
+<td>Windows 10 version 1511, Windows Server 2016, or later</td>
 <td>TPM 2.0 or TPM 1.2</td>
 </tr>
 </table>
@@ -114,7 +114,7 @@ The PC must meet the following hardware and software requirements to use Credent
 </tr>
 <tr class="even">
 <td align="left"><p>Virtual machine</p></td>
-<td align="left"><p>For PCs running Windows 10, version 1607, you can run Credential Guard on a Generation 2 virtual machine.</p></td>
+<td align="left"><p>For PCs running Windows 10, version 1607 or Windows Server 2016, you can run Credential Guard on a Generation 2 virtual machine.</p></td>
 </tr>
 </tr>
 <tr class="even">
@@ -169,7 +169,7 @@ First, you must add the virtualization-based security features. You can do this
 > You can also add these features to an online image by using either DISM or Configuration Manager.
 
 
-In Windows 10, version 1607, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
+In Windows 10, version 1607 and Windows Server 2016, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
 
 ``` syntax
 dism /image:<WIM file name> /Enable-Feature /FeatureName:IsolatedUserMode

windows/keep-secure/implement-microsoft-passport-in-your-organization.md

@@ -144,6 +144,10 @@ The following table lists the Group Policy settings that you can configure for H
 ## MDM policy settings for Windows Hello for Business
 
 The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070).
+
+>[!IMPORTANT]
+>Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP. 
+
 <table>
 <tr>
 <th colspan="2">Policy</th>

windows/keep-secure/protect-enterprise-data-using-wip.md

@@ -16,6 +16,7 @@ localizationpriority: high
 
 -   Windows 10, version 1607
 -   Windows 10 Mobile
+
 >Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
 
 With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.

windows/manage/TOC.md

@@ -16,6 +16,7 @@
 ### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 ### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 ### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
 ## [Lock down Windows 10](lock-down-windows-10.md)
 ### [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)

windows/manage/change-history-for-manage-and-update-windows-10.md

@@ -17,10 +17,12 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 
 | New or changed topic | Description |
 | --- | --- |
+| [Create mandatory user profiles](mandatory-user-profile.md) | New |
 | [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Updated sample XML for combined Start and taskbar layout; added note to explain the difference between applying taskbar configuration by Group Policy and by provisioning package |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated instructions for exiting assigned access mode. |
 | Application development for Windows as a service  |  Topic moved to MSDN: [Application development for Windows as a service](https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service)
 
+
 ## RELEASE: Windows 10, version 1607
 
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: 

windows/manage/configure-windows-telemetry-in-your-organization.md

@@ -31,9 +31,10 @@ To frame a discussion about telemetry, it is important to understand Microsoft
 
 This article applies to Windows and Windows Server telemetry only. Other Microsoft or third-party apps, such as System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager, might send data to their cloud services in ways that are inconsistent with this guide. Their publishers are responsible for notifying users of their privacy policies, telemetry controls, and so on. This article describes the types of telemetry we may gather, the ways you might manage it in your organization, and some examples of how telemetry can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
 
-
 Use this article to make informed decisions about how you might configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to help keep Windows devices secure by identifying malware trends and other threats and to help Microsoft improve the quality of Windows and Microsoft services.
 
+We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
+
 ## Overview
 
 In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.

windows/manage/diagnostics-for-mdm-devices.md

@@ -1,102 +0,0 @@
----
-title: Diagnostics for Windows 10 devices  (Windows 10)
-description: Device Policy State log in Windows 10, Version 1607, collects info about policies.
-keywords: ["mdm", "udiag", "device policy", "mdmdiagnostics"]
-ms.prod: W10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jdeckerMS
----
-
-# Diagnostics for Windows 10 devices  
-
-**Applies to**
-
--   Windows 10
--   Windows 10 Mobile
-
-(which SKUs?)
-
-(this isn't really MDM-managed only, is it? It can be done locally/email?)
-
-Two new diagnostic tools for Windows 10, version 1607, help IT administrators diagnose and resolve issues with remote devices enrolled in mobile device management (MDM): the [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag). Windows 10 for desktop editions and Windows 10 Mobile make it simple for users to export log files that you can then analyze with these tools.
-
-## Export management log files
-
-Go to **Settings > Accounts > Work access > Export your management log files**.
-
-![Export your management log files](images/export-mgt-desktop.png)
-
-- On desktop devices, the file is saved to C:/Users/Public/Public Documents/MDMDiagnostics/MDMDiagReport.xml
-- On phones, the file is saved to *phone*/Documents/MDMDiagnostics/MDMDiagReport.xml
-
-The MDMDiagReport.xml can be used with [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag) to help you resolve issues.
-
-## Device Policy State Log
-
-The Device Policy State Log collects information on the state of policies applied to the device to help you determine which sources are applying policies or configurations to the device. Help desk personnel can use this log to diagnose and resolve issues with a remote device. 
-
-After you obtain the management log file from the user's device, run the mdmReportGenerator.ps1 script on log to create report. (download mdmReportGenerator.ps1 and mdmDiagnoseHelpers.psm1) This PowerShell script asks you to enter the name of the management log file and a name for the report that it will create, as shown in the following example:
-
-![Enter file name for input and output](images/mdm-diag-report-powershell.png)
-
-The script produces the report in html format. There are two sections to the report, Configuration and Policy Information. 
-
- The configuration section lists the GUID of the sources that are applying configurations to the device.  
-
- ![Configuration source Exachange ActiveSync](images/config-source.png)
-
-The policy information section displays information about the specific policies that are being enforced and on the device.  For each policy, you will see the Area grouping, the Policy name, its default and current value, and the configuration source. You can compare the configuration source GUID in the policy information section to the GUIDs in the configuration section to identify the source of the policy.
-
-![Policies applied by a configuration source](images/config-policy.png)
-
-
-## UDiag
-
-The UDiag tool applies rules to Event Tracing for Windows (ETW) files to help determine the root cause of an issue. 
-
-(download UDiag)
-
-To analyze MDMDiagReport.xml using UDiag
-1. Open UDiag, and select Device Management.
-2. Select your source for the log files ("cab of logs" or "directory of logs")
-
-Investigating log content, identifying patterns, and adding a root cause analysis to the database (Advanced users/providers) 
-
-1. While at the 'Root Causes List' panel, click the 'Diagnose' button at the bottom. 
-2. You will then be brought to the Diagnosis panel where you can investigate and tag root causes from the content
-  - Evidence Groups: When a set of logs are loaded into UDiag, the contents are processed (e.g. ETW) and organized into evidence groups. 
-  - Decision Tree View: This view shows the loaded decision tree for the current topic/topic area. When a decision node is selected, a user can modify the regular expression and add/edit/delete an RCA for that node. Any RCA matches found in the current log set will have an 'RCA' label that is either Red or Yellow.
-  - Evidence View: Selecting an evidence group loads its content into this evidence view. Use this view to investigate issues and determine root causes. Drag and drop lines from the Evidence View into the Decision Tree View, to build your root cause analysis pattern. ([Learn more about techniques for root cause analysis.](https://technet.microsoft.com/en-us/library/cc543298.aspx))
-
-
-
- 	
-
-	Can admin pull logs without user action? [DK] Yes via the diagnostic log CSP
-
-	
-
-	"Run PowerShell script to process the file" – is that the user doing it? How can this workflow work in an enterprise where employees aren't computer-savvy? [DK] This is intended to be done by the help desk guy.  
-
-	Where did (user|admin) get mdmReportGenerator.ps1?  [DK] Publishing on DLC later this summer
-
-	In Viewing the report, how does the admin make sense of the source GUIDs? [DK] Correlates the value in the table with the entries at the top of the page. 
-
-	UDiag – where does admin get this? [DK] Publishing on DLC later this summer
-
-	Can admins create custom rule sets? [DK] Right now, no.  but open to feedback on this.
-
-	
-
-Link to [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx)
-
-[Diagnostics capability for devices managed by any MDM provider.](https://microsoft.sharepoint.com/teams/osg_core_ens/mgmt/OSMan Wiki/MDM Diagnostics - Generating and Processing Log files.aspx)
-
-[Redstone spec](https://microsoft.sharepoint.com/teams/specstore/_layouts/15/WopiFrame.aspx?sourcedoc=%7b7E8742A2-03A1-451C-BA07-F2573B044CBF%7d&file=DM%20-%20MDM%20Diagnostics-RS.docx&action=default&DefaultItemOpen=1)
-
-## Related topics
-
-[DiagnosticLog CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt219118.aspx)
-
-[Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120.aspx)

windows/manage/index.md

@@ -30,11 +30,9 @@ Learn about managing and updating Windows 10.
 </tr>
 <tr class="odd">
 <td align="left"><p>[Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)</p></td>
-<td align="left"><p>The world’s first personal digital assistant helps get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.</p></td>
+<td align="left"><p>The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.</p></td></tr>
-</tr>
+<tr><td align="left"><p>[Manage corporate devices](manage-corporate-devices.md)</p></td>
-<tr class="even">
+<td align="left"><p>You can use the same management tools to manage all device types running Windows 10: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.</p></td>
-<td align="left"><p>[Manage corporate devices](manage-corporate-devices.md)</p></td>
-<td align="left"><p>You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[Windows Spotlight on the lock screen](windows-spotlight.md)</p></td>
@@ -44,6 +42,7 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)</p></td>
 <td align="left"><p>Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes.</p></td>
 </tr>
+<tr><td><p>[Create mandatory user profiles](mandatory-user-profile.md)</p></td><td><p>Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings.</p></td></tr>
 <tr class="odd">
 <td align="left"><p>[Lock down Windows 10](lock-down-windows-10.md)</p></td>
 <td align="left"><p>Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.</p></td>
@@ -56,10 +55,7 @@ Learn about managing and updating Windows 10.
 <td align="left"><p>[Configure devices without MDM](configure-devices-without-mdm.md)</p></td>
 <td align="left"><p>Create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise.</p></td>
 </tr>
-<tr class="even">
+<tr><td>[Windows 10 servicing options](introduction-to-windows-10-servicing.md)</td><td>This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.</td></tr>
-<td align="left"><p>[Windows 10 servicing options](introduction-to-windows-10-servicing.md)</p></td>
-<td align="left"><p>This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.</p></td>
-</tr>
 <tr class="even">
 <td align="left"><p>[Application Virtualization for Windows (App-V)](appv-for-windows.md)</p></td>
 <td align="left"><p>When you deploy Application Virtualization (App-V) in your orgnazation, you can deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.</p></td>

windows/manage/manage-cortana-in-enterprise.md

@@ -15,6 +15,8 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
 
 ## Cortana integration with Office 365

windows/manage/manage-wifi-sense-in-enterprise.md

@@ -17,6 +17,8 @@ localizationpriority: medium
 -   Windows 10
 -   Windows 10 Mobile
 
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
 Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it.
 
 The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10.

windows/manage/mandatory-user-profile.md

@@ -0,0 +1,171 @@
+---
+title: Create mandatory user profiles (Windows 10)
+description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
+keywords: [".man","ntuser"]
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Create mandatory user profiles
+
+
+**Applies to**
+
+-   Windows 10
+
+> [!NOTE]
+> When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. 
+
+A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. 
+
+Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles. 
+
+When the server that stores the mandatory profile is unavailable, such as when the user is not connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile, if one exists. Otherwise, the user will be signed in with a temporary profile. 
+
+User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
+
+<span id="extension"/>
+## Profile extension for each Windows version
+
+The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
+
+| Client operating system version | Server operating system version | Profile extension |
+| --- | --- | --- |
+| Windows XP | Windows Server 2003 </br>Windows Server 2003 R2 | none |
+| Windows Vista</br>Windows 7 | Windows Server 2008</br>Windows Server 2008 R2 | v2 |
+| Windows 8 | Windows Server 2012 | v3 |
+| Windows 8.1 | Windows Server 2012 R2 | v4 |
+| Windows 10, versions 1507 and 1511 | Windows Server 2016 | v5 |
+| Windows 10, version 1607 (also known as the Anniversary Update) | N/A | v6 |
+
+For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
+
+## How to create a mandatory user profile
+
+First, you create a default user profile with the customizations that you want, run Sysprep with CopyProfile set to **True** in the answer file, copy the customized default user profile to a network share, and then you rename the profile to make it mandatory.
+
+**To create a default user profile**
+
+1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
+
+   > [!NOTE] 
+   > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. 
+ 
+2. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. 
+
+   >[!NOTE]
+   >Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics).
+
+3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. 
+ 
+3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: 
+ 
+     - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe
+     - Microsoft.BingWeather_8wekyb3d8bbwe
+     - Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
+     - Microsoft.Getstarted_8wekyb3d8bbwe
+     - Microsoft.Windows.Photos_8wekyb3d8bbwe
+     - Microsoft.WindowsCamera_8wekyb3d8bbwe
+     - Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe
+     - Microsoft.WindowsStore_8wekyb3d8bbwe
+     - Microsoft.XboxApp_8wekyb3d8bbwe
+     - Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
+     - Microsoft.ZuneMusic_8wekyb3d8bbwe 
+     
+     >[!NOTE]
+     >Uninstalling these apps will decrease sign-in time. If your deployment needs any of these apps, you can leave them installed.
+
+3. At a command prompt, type the following command and press **ENTER**.
+
+    `sysprep /oobe /reboot /generalize /unattend:unattend.xml` 
+
+    (Sysprep.exe is located at: C:\Windows\System32\sysprep. By default, Sysprep looks for unattend.xml in this same folder.)
+    
+    >[!TIP]
+    >If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following:
+    
+    >![Microsoft Bing Translator package](images/sysprep-error.png)
+    
+    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
+  
+5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
+
+6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section.
+    
+7. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
+
+   ![Example of UI](images/copy-to.png)
+
+8. In **Copy To**, under **Permitted to use**, click **Change**.
+
+   ![Example of UI](images/copy-to-change.png)
+   
+9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
+
+10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607.
+
+   - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
+   - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.  
+   
+   ![Example of UI](images/copy-to-path.png) 
+
+9. Click **OK** to copy the default user profile.
+
+
+**To make the user profile mandatory**
+
+ 
+3. In File Explorer, open the folder where you stored the copy of the profile.
+
+    >[!NOTE]
+    >If the folder is not displayed, click **View** > **Options** > **Change folder and search options**. On the **View** tab, select **Show hidden files and folders**, clear **Hide protected operating system files**, click **Yes** to confirm that you want to show operating system files, and then click **OK** to save your changes.
+
+1. Rename `Ntuser.dat` to `Ntuser.man`. 
+
+## How to apply a mandatory user profile to users
+
+In a domain, you modify properties for the user account to point to the mandatory profile in a shared folder residing on the server.
+
+**To apply a mandatory user profile to users**
+
+1. Open **Active Directory Users and Computers** (dsa.msc).
+
+2. Navigate to the user account that you will assign the mandatory profile to.
+
+3. Right-click the user name and open **Properties**.
+
+4. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is \\\\*server*\profile.v6, you would enter \\\\*server*\profile.
+
+5. Click **OK**.
+
+It may take some time for this change to replicate to all domain controllers.
+
+
+
+## Apply policies to improve sign-in time
+
+When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings.
+
+- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled
+- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled
+
+
+
+
+
+
+
+
+
+## Related topics
+
+- [Manage Windows 10 Start layout and taskbar options](windows-10-start-layout-options-and-policies.md)
+- [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md)
+- [Windows Spotlight on the lock screen](windows-spotlight.md)
+- [Configure devices without MDM](configure-devices-without-mdm.md)
+
+
+

windows/plan/change-history-for-plan-for-windows-10-deployment.md

@@ -14,6 +14,7 @@ author: TrudyHa
 This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
 
+
 ## RELEASE: Windows 10, version 1607
 
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update).

windows/plan/index.md

@@ -15,11 +15,11 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
 ## In this section
 |Topic |Description |
 |------|------------|
-|[Windows 10 servicing options](windows-10-servicing-options.md) |Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. |
+| [Windows 10 servicing overview](windows-10-servicing-options.md) | Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. |
 |[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. |
 |[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. |
 |[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. |
-|[Windows Update for Business](windows-update-for-business.md) |Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. |
+| [Windows Update for Business](windows-update-for-business.md) | Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. |
 |[Windows To Go: feature overview](windows-to-go-overview.md) |Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. |
 |[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. |
 |[Change history for Plan for Windows 10 deployment](change-history-for-plan-for-windows-10-deployment.md) |This topic lists new and updated topics in the Plan for Windows 10 deployment documentation for [Windows 10 and Windows 10 Mobile](../index.md). |
@@ -36,8 +36,3 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi
  
 
  
-
-
-
-
-