**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**
Also, the users must be signed in with a school or work account. | | --- - + ### ADMX info and settings diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md index bb8637ba79..db295e9481 100644 --- a/browsers/edge/includes/allow-sideloading-extensions-include.md +++ b/browsers/edge/includes/allow-sideloading-extensions-include.md @@ -18,7 +18,7 @@ ms:topic: include | Group Policy | MDM | Registry | Description | Most restricted | |----------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| -| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:
**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |  | +| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:
**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |  |
| Enabled
**(default)** | 1 | 1 | Allowed. | |
---
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
index f04593891f..f1f79bda9c 100644
--- a/browsers/edge/includes/allow-tab-preloading-include.md
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -18,7 +18,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|--------------------------------------------|:---:|:--------:|-------------------------------------------|:------------------------------------------------:|
-| Disabled | 0 | 0 | Prevented. |  |
+| Disabled | 0 | 0 | Prevented. |  |
| Enabled or not configured
**(default)** | 1 | 1 | Allowed. Preload Start and New Tab pages. | |
---
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md
index b248006ae5..f1953cf341 100644
--- a/browsers/edge/includes/always-enable-book-library-include.md
+++ b/browsers/edge/includes/always-enable-book-library-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:|
-| Disabled or not configured
**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
+| Disabled or not configured
**(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | |
---
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md
index 42bd2950bd..4845c13f9d 100644
--- a/browsers/edge/includes/configure-additional-search-engines-include.md
+++ b/browsers/edge/includes/configure-additional-search-engines-include.md
@@ -18,7 +18,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
-| Disabled or not configured
**(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.
If you enabled this policy and now want to disable it, all previously configured search engines get removed. |  |
+| Disabled or not configured
**(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.
If you enabled this policy and now want to disable it, all previously configured search engines get removed. |  | | Enabled | 1 | 1 | Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
---
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index 4b312f4e12..8815d323d1 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|--------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled | 0 | 0 | Load and run Adobe Flash content automatically. | |
-| Enabled or not configured
**(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. |  |
+| Enabled or not configured
**(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. |  |
---
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index 463319afbe..b151c79f48 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------|:-----:|:--------:|-----------------------------------|:------------------------------------------------:|
| Not configured
**(default)** | Blank | Blank | Users can choose to use Autofill. | |
-| Disabled | 0 | no | Prevented. |  |
+| Disabled | 0 | no | Prevented. |  |
| Enabled | 1 | yes | Allowed. | |
---
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
index 9b5202659a..47a1913697 100644
--- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -29,7 +29,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-----------------------------------------|:------------------------------------------------:|
-| Disabled or not configured
**(default)** | 0 | 0 | No data collected or sent |  |
+| Disabled or not configured
**(default)** | 0 | 0 | No data collected or sent |  |
| Enabled | 1 | 1 | Send intranet history only | |
| Enabled | 2 | 2 | Send Internet history only | |
| Enabled | 3 | 3 | Send both intranet and Internet history | |
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md
index a4b9740cfc..763646944e 100644
--- a/browsers/edge/includes/configure-cookies-include.md
+++ b/browsers/edge/includes/configure-cookies-include.md
@@ -18,7 +18,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-----------------------------------------------|:------------------------------------------------:|
-| Enabled | 0 | 0 | Block all cookies from all sites. |  |
+| Enabled | 0 | 0 | Block all cookies from all sites. |  |
| Enabled | 1 | 1 | Block only coddies from third party websites. | |
| Disabled or not configured
**(default)** | 2 | 2 | Allow all cookies from all sites. | |
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
index 0270133a94..42afad9fa1 100644
--- a/browsers/edge/includes/configure-do-not-track-include.md
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -20,7 +20,7 @@ ms:topic: include
|---------------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Not configured
**(default)** | Blank | Blank | Do not send tracking information but let users choose to send tracking information to sites they visit. | |
| Disabled | 0 | 0 | Never send tracking information. | |
-| Enabled | 1 | 1 | Send tracking information. |  |
+| Enabled | 1 | 1 | Send tracking information. |  |
---
diff --git a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
index cfbcfccd50..3578afcf88 100644
--- a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
+++ b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
@@ -11,7 +11,7 @@ ms:topic: include
| | |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Single-app**
**Digital/interactive signage**
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
***Example.*** Use digital signage for things like a rotating advertisement or menu.
***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.
**Policy setting** = Not configured (0 default)
|
Public browsing
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) | -| **Multi-app**
**Normal browsing**
Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.
Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
**Policy setting** = Not configured (0 default) |
Public browsing
Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.
In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) | +| **Single-app**
**Digital/interactive signage**
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
***Example.*** Use digital signage for things like a rotating advertisement or menu.
***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.
**Policy setting** = Not configured (0 default)
|
Public browsing
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) | +| **Multi-app**
**Normal browsing**
Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.
Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
**Policy setting** = Not configured (0 default) |
Public browsing
Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.
In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) |
---
diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md
index ab0e78ca5b..35cba0ce23 100644
--- a/browsers/edge/includes/configure-password-manager-include.md
+++ b/browsers/edge/includes/configure-password-manager-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|--------------------------|:-----:|:--------:|--------------------------------------------------------|:------------------------------------------------:|
| Not configured | Blank | Blank | Users can choose to save and manage passwords locally. | |
-| Disabled | 0 | no | Not allowed. |  |
+| Disabled | 0 | no | Not allowed. |  |
| Enabled
**(default)** | 1 | yes | Allowed. | |
---
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
index 5355cbae5f..1595f8fc6f 100644
--- a/browsers/edge/includes/configure-pop-up-blocker-include.md
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -20,7 +20,7 @@ ms:topic: include
|---------------------------|:-----:|:--------:|-------------------------------------------------|:------------------------------------------------:|
| Not configured | Blank | Blank | Users can choose to use Pop-up Blocker. | |
| Disabled
**(default)** | 0 | 0 | Turned off. Allow pop-up windows to open. | |
-| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. |  |
+| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. |  |
---
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
index f12debc9ab..e81aff3cec 100644
--- a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------|:-----:|:--------:|---------------------------------------------|:------------------------------------------------:|
| Not configured
**(default)** | Blank | Blank | Users can choose to see search suggestions. | |
-| Disabled | 0 | 0 | Prevented. Hide the search suggestions. |  |
+| Disabled | 0 | 0 | Prevented. Hide the search suggestions. |  |
| Enabled | 1 | 1 | Allowed. Show the search suggestions. | |
---
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index fcc95b0d57..0deb5b8f82 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -20,13 +20,13 @@ ms:topic: include
|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | |
| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
-| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
+| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
---
To verify Windows Defender SmartScreen is turned off (disabled):
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
 +2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
 ### ADMX info and settings diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md index e240862638..d5eaa236e5 100644 --- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md +++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md @@ -18,7 +18,7 @@ ms:topic: include | Group Policy | MDM | Registry | Description | Most restricted | |----------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:| -| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |  | +| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |  | | Enabled | 1 | 1 | Unlocked. Users can make changes to all configured start pages.
When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
---
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
index 96aa814d4b..255d83e1be 100644
--- a/browsers/edge/includes/do-not-sync-include.md
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned on. Users can choose what to sync to their device. | |
-| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. |  |
+| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. |  |
---
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
index 7e9bb90bc1..dc17580d47 100644
--- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Turned off/not syncing | |
-| Enabled | 1 | 1 | Turned on/syncing |  |
+| Enabled | 1 | 1 | Turned on/syncing |  |
---
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
index d6ca2253e6..cf2adc30cc 100644
--- a/browsers/edge/includes/prevent-access-about-flag-include.md
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed | |
-| Enabled | 1 | 1 | Prevented |  |
+| Enabled | 1 | 1 | Prevented |  |
---
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
index a16217ae07..077eca88ab 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | |
-| Enabled | 1 | 1 | Prevented/turned on. |  |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
---
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
index beca20210f..95d1c0a7ec 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to the site. | |
-| Enabled | 1 | 1 | Prevented/turned on. |  |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
---
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
index a0a47406eb..5957d7ca37 100644
--- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -18,7 +18,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed/turned on. Override the security warning to sites that have SSL errors. | |
-| Enabled | 1 | 1 | Prevented/turned on. |  |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
---
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
index 71476b4e98..30a902cbbf 100644
--- a/browsers/edge/includes/prevent-changes-to-favorites-include.md
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | |
-| Enabled | 1 | 1 | Prevented/locked down. |  |
+| Enabled | 1 | 1 | Prevented/locked down. |  |
---
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
index e28cd73fb5..50e5ffbe36 100644
--- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed. Load the First Run webpage. | |
-| Enabled | 1 | 1 | Prevented. |  |
+| Enabled | 1 | 1 | Prevented. |  |
---
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
index 36535b4ccc..86777ec60f 100644
--- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Collect and send Live Tile metadata. | |
-| Enabled | 1 | 1 | Do not collect data. |  |
+| Enabled | 1 | 1 | Do not collect data. |  |
---
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
index 8314edbe14..d66fd0ae7d 100644
--- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -19,7 +19,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|---------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | 0 | 0 | Allowed. Show localhost IP addresses. | |
-| Enabled | 1 | 1 | Prevented. |  |
+| Enabled | 1 | 1 | Prevented. |  |
---
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index 33df41bb77..5fb77898e4 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -23,7 +23,7 @@ ms:topic: include
| Group Policy | Description | Most restricted |
|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured
**(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
-| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, do the following:
To define a default list of favorites, do the following:
Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.
If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |  | +| Enabled | 1 | 1 | Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.
If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |  |
---
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
index fe01511d36..bb626be0cf 100644
--- a/browsers/edge/includes/show-message-opening-sites-ie-include.md
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -21,7 +21,7 @@ ms:topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
-| Disabled or not configured
**(default)** | 0 | 0 | No additional message displays. |  |
+| Disabled or not configured
**(default)** | 0 | 0 | No additional message displays. |  |
| Enabled | 1 | 1 | Show an additional message stating that a site has opened in IE11. | |
| Enabled | 2 | 2 | Show an additional message with a *Keep going in Microsoft Edge* link to allow users to open the site in Microsoft Edge. | |
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
index 4f722ff9f5..9116168ca3 100644
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@@ -10,7 +10,7 @@ ms:topic: include
If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
->[!IMPORTANT]
+>[!IMPORTANT]
>Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
1. In the Enterprise Mode Site List Manager, click **File \> Import**.
diff --git a/devices/hololens/hololens-install-localized.md b/devices/hololens/hololens-install-localized.md
index 44e729c92f..0d3b2aecfb 100644
--- a/devices/hololens/hololens-install-localized.md
+++ b/devices/hololens/hololens-install-localized.md
@@ -17,7 +17,7 @@ manager: dansimp
In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT).
->[!IMPORTANT]
+>[!IMPORTANT]
>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens.
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index f3e0e2e1ba..8125113887 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -37,7 +37,7 @@ Note that the local admin account information is not backed by any directory ser
### Domain join the device to Active Directory (AD)
-You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#a-href-iduse-active-directoryause-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
+You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#use-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
#### What happens when you domain join your Surface Hub?
Surface Hubs use domain join to:
@@ -53,7 +53,7 @@ Surface Hub does not support applying group policies or certificates from the do
### Azure Active Directory (Azure AD) join the device
-You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#a-href-iduse-microsoft-azureause-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
+You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#use-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
By default, all **global administrators** will be given admin rights on an Azure AD joined Surface Hub. With **Azure AD Premium** or **Enterprise Mobility Suite (EMS)**, you can add additional administrators:
1. In the [Azure classic portal](https://manage.windowsazure.com/), click **Active Directory**, and then click the name of your organization's directory.
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index 5dfb51b75b..9244515eb1 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -29,7 +29,7 @@ There are two administrative options you can use to manage SEMM and enrolled Sur
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
-
+
*Figure 1. Microsoft Surface UEFI Configurator*
@@ -51,7 +51,7 @@ You can download Microsoft Surface UEFI Configurator from the [Surface Tools for
Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation.
-
+
*Figure 2. Secure a SEMM configuration package with a certificate*
@@ -64,11 +64,11 @@ After a device is enrolled in SEMM, the configuration file is read and the setti
You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
-
+
*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
-
+
*Figure 4. Configure advanced settings with SEMM*
@@ -102,13 +102,13 @@ You can configure the following advanced settings with SEMM:
>[!NOTE]
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
-
+
*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
-
+
*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
@@ -134,7 +134,7 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
-
+
*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index 92f671930d..2c11c122c4 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -77,7 +77,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
->[!IMPORTANT]
+>[!IMPORTANT]
>To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection.
Once Autopilot Reset is triggered, the reset process starts.
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index db25071667..1f7820db7b 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1055,6 +1055,7 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in
| | Notify the students and faculty about the deployment. |
+
### Perform the deployment
Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index 22ee5f98f0..3842e9d435 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -28,7 +28,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
1. In the **Account Management** step:
- > [!WARNING]
+ > [!WARNING]
> If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
> - Use a least-privileged domain account to join the device to the domain.
> - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md
index fdaab43d4a..3132a01373 100644
--- a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md
+++ b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md
@@ -21,8 +21,8 @@ In order to complete the **appv\_server\_setup.exe** Server setup successfully u
Use the following tables for more information about installing the App-V 5.0 server using the command line.
->[!NOTE]
->The information in the following tables can also be accessed using the command line by typing the following command:
+>[!NOTE]
+> The information in the following tables can also be accessed using the command line by typing the following command:
>```
> appv\_server\_setup.exe /?
>```
diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md
index d836a5126f..5143059379 100644
--- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md
+++ b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md
@@ -71,7 +71,7 @@ ms.date: 06/16/2016
3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
@@ -102,7 +102,7 @@ If the application does not have an associated installer file and you plan to ru
7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring.
@@ -143,7 +143,7 @@ Click **Next**.
13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> Make sure that the operating systems you specify here are supported by the application you are sequencing.
@@ -152,7 +152,7 @@ Click **Next**.
To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> The system does not support non-printable characters in **Comments** and **Descriptions**.
@@ -165,7 +165,7 @@ The default **Save Location** is also displayed on this page. To change the defa
The package is now available in the sequencer.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
@@ -187,7 +187,7 @@ On the computer that runs the sequencer, click **All Programs**, and then Click
3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
@@ -229,7 +229,7 @@ On the computer that runs the sequencer, click **All Programs**, and then Click
To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> The system does not support non-printable characters in Comments and Descriptions.
@@ -246,7 +246,7 @@ The default **Save Location** is also displayed on this page. To change the defa
3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
@@ -271,7 +271,7 @@ The default **Save Location** is also displayed on this page. To change the defa
To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> The system does not support non-printable characters in Comments and Descriptions.
@@ -284,7 +284,7 @@ The default **Save Location** is also displayed on this page. To change the defa
The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**.
- > [!IMPORTANT]
+ > [!IMPORTANT]
> After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md
index 0fc0d27b12..634c9a9c74 100644
--- a/mdop/dart-v10/getting-started-with-dart-10.md
+++ b/mdop/dart-v10/getting-started-with-dart-10.md
@@ -19,8 +19,8 @@ ms.date: 08/30/2016
Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies.
->[!NOTE]
->A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide.
+>[!NOTE]
+> A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide.
>
>Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754)
diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md
index c2d50ddd02..e85552bb33 100644
--- a/smb/cloud-mode-business-setup.md
+++ b/smb/cloud-mode-business-setup.md
@@ -252,7 +252,7 @@ Now that you have Azure AD Premium and have it properly configured, you can conf
You can read this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
-> [!IMPORTANT]
+> [!IMPORTANT]
> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
**To enable automatic MDM enrollment**
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index f52c78ba07..91926ff30c 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -51,7 +51,7 @@ The changes in App-V for Windows 10, version 1607 impact existing implementation
* The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
* In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work. The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
- >[!NOTE]
+ > [!NOTE]
>If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release.
For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](../app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](../app-v/appv-migrating-to-appv-from-a-previous-version.md).
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index f852b68c53..45588fbda9 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -411,14 +411,14 @@ The process then configures the client for package or connection group additions
5. Remove objects that are not published to the target (user or machine).
- >[!NOTE]
+ > [!NOTE]
>This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published).
6. Invoke background load mounting based on client configuration.
7. Packages that already have publishing information for the machine or user are immediately restored.
- >[!NOTE]
+ > [!NOTE]
>This condition occurs as a product of removal without unpublishing with background addition of the package.
This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user).
@@ -447,7 +447,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu
2. Store backup information in the user’s registry and roaming profile (Shortcut Backups).
- >[!NOTE]
+ > [!NOTE]
>This enables restore extension points if the package is unpublished.
3. Run scripts targeted for publishing timing.
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index 318d7bb572..a4d1d3bb4f 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -34,8 +34,8 @@ Use the following procedure to configure access to virtualized packages.
1. Using the format **mydomain** \\ **groupname**, enter the name or part of the name of an Active Directory group object, then select **Check**.
- >[!NOTE]
- >Ensure that you provide an associated domain name for the group that you are searching for.
+ > [!NOTE]
+ > Ensure that you provide an associated domain name for the group that you are searching for.
3. Grant access to the package by first selecting the desired group, then selecting **Grant Access**. The newly added group is displayed in the **AD entities with access** pane.
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 11bb4e3d26..16d0bd518e 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -93,7 +93,7 @@ You can use the connection group file to configure each connection group by usin
- Specify runtime priorities for connection groups. To edit priority by using the App-V Management Console, select the connection group and then select **Edit**.
- >[!NOTE]
+ > [!NOTE]
>A package only requires priority if it's associated with more than one connection group.
- Specify package precedence within the connection group.
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 27efb333f1..b6228dd6cd 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -18,7 +18,7 @@ ms.topic: article
You can use the package converter utility to upgrade virtual application packages created by previous versions of App-V. This section will tell you how to convert existing virtual application packages for upgrade.
->[!NOTE]
+>[!NOTE]
>If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell.
The package converter can only directly convert packages created by an App-V sequencer version 4.5 or later. Packages created with an App-V version earlier than 4.5 must be upgraded to at least App-V 4.5 before conversion.
@@ -54,8 +54,8 @@ The App-V package converter will save the App-V 4.6 installation root folder and
Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
- >[!NOTE]
- >Before you specify the output directory, you must create the output directory.
+> [!NOTE]
+ >Before you specify the output directory, you must create the output directory.
### Advanced Conversion Tips
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index fe5b518593..098316aee4 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -30,11 +30,8 @@ You can create a dynamic user configuration file with the App-V Management Conso
4. Select **Advanced**, and then select **Export Configuration**. Enter a file name and select **Save**. Now you can edit the file to configure a package for a user.
- >[!NOTE]
- >If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enabled and set to block downloads, you won't be able to download anything from the App-V Server.
-
-
-
+ > [!NOTE]
+ > If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enalbed and set to block downloads, you won't be able to download anything from the App-V Server.
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index edd86cbce5..e16200acad 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -53,7 +53,7 @@ Use the following procedure to create a package accelerator.
6. On the **Gathering Information** page, review the files that you couldn't find in the location specified by the **Installation Files** page. If the files displayed are not required, select **Remove these files**, then select **Next**. If the files are required, select **Previous** and copy the required files to the directory specified on the **Installation Files** page.
- >[!NOTE]
+ > [!NOTE]
>You must either remove the unrequired files or select **Previous** and locate the required files to advance to the next page of this wizard.
7. On the **Select Files** page, carefully review the detected files. Clear any file the package accelerator doesn't need to run successfully and select only the files that the application requires. When you're done, select **Next**.
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index 9d287e1b55..936ec0bf29 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -40,7 +40,7 @@ Use the following procedure to create a virtual application package with the App
Alternatively, if you have already copied the installation files to a directory on this computer, select **Make New Folder**, browse to the folder that contains the installation files, then select **Next**.
- >[!NOTE]
+ > [!NOTE]
>You can specify the following types of supported installation files:
> - Windows Installer files (**.msi**)
> - Cabinet files (.cab)
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 92d3b64795..5e2bef4061 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -27,7 +27,7 @@ You must first create and save a project template, including a virtual app packa
1. On the device running the App-V Sequencer, select **Start**, select **All Programs**, select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
- >[!NOTE]
+ > [!NOTE]
>If the virtual app package is currently open in the App-V Sequencer console, skip to Step 3 of this procedure.
2. On the **File** menu, select **Open**, select **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V Project Template, and then select **Edit** to change any of the settings or info included in the file.
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index b80b894483..66e540afb8 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -31,7 +31,7 @@ You can use the App-V Sequencer to perform the following tasks:
- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version.
- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association.
- >[!NOTE]
+ > [!NOTE]
>You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client.
- Convert existing virtual packages.
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 9f1b448fb1..79a0d77597 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -54,7 +54,7 @@ ms.topic: article
| You are using a custom database name. | Select **Custom configuration** and type the database name. This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress. If you want to disable this policy use the following SyncML: This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker. If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both. If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard. If you disable or do not configure this setting, users can configure only basic options on computers with a TPM. Sample value for this node to enable this policy is: This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits. This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.
@@ -437,7 +437,7 @@ The following diagram shows the BitLocker configuration service provider in tree
- 'yy' = string of max length 900.
- 'zz' = string of max length 500.
-> [!Note]
+> [!NOTE]
> When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker. This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker. This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1. Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
-> [!Warning]
+> [!WARNING]
> Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6.
@@ -149,7 +149,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
-> [!Important]
+> [!IMPORTANT]
> Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections.
To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
@@ -168,12 +168,11 @@ The following diagram shows the CM\_CellularEntries configuration service provid
**IdleDisconnectTimeout**
Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
-> [!Important]
+> [!IMPORTANT]
> You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
->
->
->
-> [!Note]
+
+
+> [!NOTE]
> If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds.
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index 52f529971f..2f914399ba 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -1078,7 +1078,7 @@ Specifies the properties of the publisher details.
architectures collection of ProductArchitecture collection of ProductArchitectures Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
-> [!Note]
+> [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
Supported operation is Get.
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index bfee22a337..93d47b013b 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -61,7 +61,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
In this example you configure **Enable App-V Client** to **Enabled**.
-> [!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax
@@ -223,7 +223,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
Here is the example for **AppVirtualization/PublishingAllowServer2**:
-> [!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index c6cbf4062b..b7418aa88c 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -21,7 +21,7 @@ Requirements:
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
-> [!Tip]
+> [!TIP]
> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line.
@@ -32,7 +32,7 @@ Here is a partial screenshot of the result:
The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
-> [!Note]
+> [!NOTE]
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
@@ -109,7 +109,7 @@ Requirements:
- Enterprise AD must be integrated with Azure AD.
- Ensure that PCs belong to same computer group.
->[!IMPORTANT]
+>[!IMPORTANT]
>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or
@@ -128,7 +128,7 @@ Requirements:
4. Filter using Security Groups.
5. Enforce a GPO link.
->[!NOTE]
+> [!NOTE]
> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903).
### Related topics
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
index 0416e3badf..81b663c8f4 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
@@ -41,7 +41,7 @@ Supported operations are Add, Delete, Get and Replace.
The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
-> [!Important]
+> [!IMPORTANT]
> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.
When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
@@ -268,7 +268,7 @@ Here is an example for Windows 10, version 1703.
Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
-> [!Note]
+> [!NOTE]
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
Custom3 Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user will not be able to remove protection from enterprise content through the operating system or the application user experiences.
-> [!Important]
+> [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
The following list shows the supported values:
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index ba56cffc06..e8be030aee 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
-> [!Important]
+> [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index cdadc5ca2d..dd5bf30333 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -167,7 +167,7 @@ Supported operations are Get and Delete.
**AppManagement/AppStore/ReleaseManagement**
Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization.
-> [!Note]
+> [!NOTE]
> ReleaseManagement settings only apply to updates through the Microsoft Store.
**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**
diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md
index 02f521dce2..781e0924d0 100644
--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@@ -29,7 +29,7 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices.
->[!NOTE]
+> [!NOTE]
>Intune support for the MDM security baseline is coming soon.
The MDM security baseline includes policies that cover the following areas:
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 60126c6e01..5c703305c7 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -364,7 +364,8 @@ Starting in Windows 10, version 1709, clicking the **Info** button will show a l
-> [Note] Starting in Windows 10, version 1709, the **Manage** button is no longer available.
+> [NOTE]
+> Starting in Windows 10, version 1709, the **Manage** button is no longer available.
### Disconnect
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index cef8282c08..740ba6664e 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -15,7 +15,7 @@ manager: dansimp
The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
-> [!Note]
+> [!NOTE]
> In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices.
How the settings work:
@@ -40,7 +40,7 @@ Added in Windows 10, version 1803. When set to 0, it enables proxy configuration
Supported operations are Add, Get, Replace, and Delete.
-> [!Note]
+> [!NOTE]
> Per user proxy configuration setting is not supported.
**AutoDetect**
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 414ac9ccd1..9d93c34396 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1108,7 +1108,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
Added following deep link parameters to the table: This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work. The supported operations are Execute and Get. \"Close other apps, error code: 0XA00F4243.” or or AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode. “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”
The database name must be unique, or the installation will fail.|
8. On the **Configure** page, accept the default value, **Use this local computer**.
- >[!NOTE]
+ > [!NOTE]
>If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
@@ -64,7 +64,7 @@ ms.topic: article
| You are using a custom database name. | Select **Custom configuration** and type the database name.
The database name must be unique, or the installation will fail.|
10. On the **Configure** page, accept the default value: **Use this local computer**.
- >[!NOTE]
+ > [!NOTE]
>If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
11. On the **Configure** (Management Server Configuration) page, specify the following:
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index 44920d8d72..ea9f0906f7 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -110,7 +110,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
```
- >[!NOTE]
+ > [!NOTE]
>The configuration XML is a sample XML file. This file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
The previous example of an XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications by specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
@@ -206,7 +206,7 @@ After you download the Office 2013 applications through the Office Deployment To
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.
- >[!NOTE]
+ > [!NOTE]
>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
2. Use the **/packager** command to convert the Office applications to an Office 2013 App-V package.
@@ -231,7 +231,7 @@ After you download the Office 2013 applications through the Office Deployment To
* **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.
* **WorkingDir**
- >[!NOTE]
+ > [!NOTE]
>To troubleshoot any issues, see the log files in the %temp% directory (default).
3. Verify that the Office 2013 App-V package works correctly:
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index d38f80fbd5..74b0b27728 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -111,7 +111,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
```
- >[!NOTE]
+ > [!NOTE]
>The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To uncomment these lines, remove the `````` from the end of the line.
The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. Note that the Product ID of the applications will not affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements:
@@ -190,7 +190,7 @@ After you download the Office 2016 applications through the Office Deployment To
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.
- >[!NOTE]
+ > [!NOTE]
>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
@@ -215,7 +215,7 @@ After you download the Office 2016 applications through the Office Deployment To
* **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files.
* **WorkingDir**
- >[!NOTE]
+ > [!NOTE]
>To troubleshoot any issues, see the log files in the %temp% directory (default).
3. Verify that the Office 2016 App-V package works correctly:
@@ -359,7 +359,7 @@ To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a
1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
- >[!NOTE]
+ > [!NOTE]
>Office App-V packages have two Version IDs:
>* An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
>* A second App-V Package Version ID, formatted as X.X.X.X, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect the new version of Office. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 0827190013..ae16a7025e 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -35,7 +35,7 @@ App-V offers the following five server components, each of which serves a specif
* **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
- >[!NOTE]
+ > [!NOTE]
>If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
* **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. For more information about the management database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
* **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. To learn how to configure the publishing server, see [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md).
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index bccfcac237..61c8be02a4 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -428,7 +428,7 @@ The body of the deployment configuration file includes two sections:
```
-User Configuration: see [Dynamic User Configuration](appv-dynamic-configuration.md#dynamic-user-configuration) for more information about this section.
+User Configuration: see [Dynamic User Configuration](#dynamic-user-configuration-file) for more information about this section.
Machine Configuration: The Machine Configuration section of the Deployment Configuration File configures information that can only be set for an entire machine, not a specific user on the computer, like the HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. This element can have the following four subsections.
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index ab69c602ad..30f57f3cb7 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -33,7 +33,7 @@ Use the following procedure to install the database server and management server
* If you are using a custom database name, select **Custom configuration** and enter the database name.
7. On the next **Create new management server database** page, select **Use a remote computer**, then enter the remote machine account using the following format: ```Domain\MachineAccount```.
- >[!NOTE]
+ > [!NOTE]
>If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: ```Domain\AdministratorLoginName```. After that, select **Next**.
8. To start the installation, select **Install**.
@@ -49,7 +49,7 @@ Use the following procedure to install the database server and management server
* If you're using a custom database name, select **Custom configuration** and enter the database name.
7. On the next **Create new management server database** page, select **Use a remote computer**, and enter the remote machine account using the following format: ```Domain\MachineAccount```.
- >[!NOTE]
+ > [!NOTE]
>If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. After that, select **Next**.
8. To start the installation, select **Install**.
@@ -68,7 +68,7 @@ Use the following procedure to install the database server and management server
* The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
- >[!NOTE]
+ > [!NOTE]
>For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
5. Run the scripts on the computer running Microsoft SQL Server.
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index a1a2580c13..314545131f 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -25,7 +25,7 @@ To install the management server on a standalone computer and connect it to the
5. On the **Installation Location** page, accept the default location, then select **Next**.
6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.
- >[!NOTE]
+ > [!NOTE]
>If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```.
7. On the **Configure management server configuration** page, specify the following items:
* The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 66ae70f8bd..a0a7912e96 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -30,7 +30,7 @@ Use the following procedure to install the reporting server on a standalone comp
5. On the **Installation location** page, accept the default location and select **Next**.
6. On the **Configure existing reporting database** page, select **Use a remote SQL Server**, then enter the machine name of the computer running Microsoft SQL Server. For example, you can name your computer **SqlServerMachine**.
- >[!NOTE]
+ > [!NOTE]
>If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server instance, select **Use the default instance**. If you're using a custom Microsoft SQL Server instance, select **Use a custom instance**, then enter the name of your custom instance. Specify the **SQL Server Database name** that this reporting server will use; for example, you can name the server **AppvReporting**.
7. On the **Configure reporting server configuration** page.
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 2e1a1e5f64..f0f0b0ad03 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -32,8 +32,8 @@ Get-AppvClientPackage –Name "ContosoApplication" -Version 2
Use the **Add-AppvClientPackage** cmdlet to add a package to a computer.
->[!IMPORTANT]
->This example only adds a package. It does not publish the package to the user or the computer.
+> [!IMPORTANT]
+> This example only adds a package. It does not publish the package to the user or the computer.
For example:
@@ -59,8 +59,8 @@ Publish-AppvClientPackage "ContosoApplication" -Global
## Publish a package to a specific user
->[!NOTE]
->You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
+> [!NOTE]
+> You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
An administrator can publish a package to a specific user by specifying the optional *–UserSID* parameter with the **Publish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID).
@@ -99,8 +99,8 @@ Unpublish-AppvClientPackage "ContosoApplication"
## Unpublish a package for a specific user
->[!NOTE]
->You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
+> [!NOTE]
+> You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
An administrator can unpublish a package for a specific user by using the optional *-UserSID* parameter with the **Unpublish-AppvClientPackage** cmdlet, where *-UserSID* represents the end user’s security identifier (SID).
@@ -127,8 +127,8 @@ For example:
Remove-AppvClientPackage "ContosoApplication"
```
->[!NOTE]
->App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
+> [!NOTE]
+> App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
## Enable only administrators to publish or unpublish packages
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 178c952b5a..e6167f8707 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -87,7 +87,7 @@ Use the following steps to modify the connection string to include ```failover p
2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.
3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the ```failover partner =
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 1fe3abbba1..bba2dcace6 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -188,7 +188,7 @@ Value type is string. Supported operation is Get.
**Ext/DeviceHardwareData**
@@ -376,7 +376,7 @@ Buttons | The following list identifies the hardware buttons on the device that
-> [!Note]
+> [!NOTE]
> Lock down of the Start button only prevents the press and hold event.
>
> Custom buttons are hardware buttons that can be added to devices by OEMs.
@@ -400,7 +400,7 @@ Buttons example:
```
The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
-> [!Note]
+> [!NOTE]
> The lockdown settings for a button, per user role, will apply regardless of the button mapping.
>
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
@@ -498,7 +498,7 @@ Entry | Description
----------- | ------------
MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.
-> [!Important]
+> [!IMPORTANT]
> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps.
MenuItems example:
@@ -513,12 +513,12 @@ Entry | Description
----------- | ------------
Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.
-> [!Important]
+> [!IMPORTANT]
> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.
The following sample file contains configuration for enabling tile manipulation.
-> [!Note]
+> [!NOTE]
> Tile manipulation is disabled when you don’t have a `Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp
-
-
-
-
-
-
-
-
-
-
-
-
-
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index 725444b2b6..c55d311f85 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -71,7 +71,7 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format.
**Settings/AllowUserDecryption**
- Connecting your Windows 10-based device to work using a deep link
+Connecting your Windows 10-based device to work using a deep link
@@ -4378,7 +4378,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
-- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
+- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
@@ -5243,8 +5243,8 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Camera/AllowCamera](#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
-- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
-- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
+- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy)
+- [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites)
- [Defender/AllowArchiveScanning](#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](#defender-allowcloudprotection)
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 5c136c592b..501d0053d0 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -600,7 +600,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
```
-> [!Note]
+> [!NOTE]
> This policy only works on modern apps.
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 22f4c98cec..3f2e17ff8d 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -456,7 +456,7 @@ ADMX Info:
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
-> [!Note]
+> [!NOTE]
> Any property changes to the job or any successful download action will reset this timeout.
Value type is integer. Default is 90 days.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 1ba7caf16f..b49fa49949 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -3807,7 +3807,7 @@ Most restricted value: 0
[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../../../browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-> [!NOTE]
+> [!NOTE]
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 54c61771de..544682f5b4 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -66,7 +66,7 @@ manager: dansimp
Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
-> [!Note]
+> [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index b7e7fa115c..f5e69f33b7 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -19,14 +19,14 @@ manager: dansimp
## Cryptography policies
-* [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy)
-* [Cryptography/TLSCipherSuites](#CryptographyTLSCipherSuites)
-* [Cryptography/Microsoft Surface Hub](#Cryptography-policies-supported-by-Microsoft-Surface-Hub)
+* [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy)
+* [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites)
+* [Cryptography/Microsoft Surface Hub](#cryptography-policies-supported-by-microsoft-surface-hub)
-# Cryptography/AllowFipsAlgorithmPolicy
+## Cryptography/AllowFipsAlgorithmPolicy
@@ -68,7 +68,7 @@ The following list shows the supported values:
-# Cryptography/TLSCipherSuites
+## Cryptography/TLSCipherSuites
|Home|Pro|Business |Enterprise |Education |Mobile |Mobile Enterprise |
@@ -103,7 +103,7 @@ Footnote:
-# Cryptography policies supported by Microsoft Surface Hub
+## Cryptography policies supported by Microsoft Surface Hub
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 536b67fd62..6c4364711f 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1244,7 +1244,7 @@ If this setting is on, Windows Defender Antivirus will be more aggressive when i
For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
-> [!Note]
+> [!NOTE]
> This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
@@ -1315,7 +1315,7 @@ The typical cloud check timeout is 10 seconds. To enable the extended cloud chec
For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
-> [!Note]
+> [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 46b9b17b84..a09166cd5b 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -73,7 +73,7 @@ Device memory sandboxing allows the OS to leverage the I/O Memory Management Uni
This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
-> [!Note]
+> [!NOTE]
> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
Supported values:
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 7e8466865c..2dd7208a08 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -2227,7 +2227,7 @@ Value - A number indicating the zone with which this site should be associated f
If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
-> [!Note]
+> [!NOTE]
> This policy is a list that contains the site and index value.
The list is a set of pairs of strings. Each string is seperated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index df19d6da30..a554e4f361 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -88,7 +88,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -134,7 +134,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -180,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -269,7 +269,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -315,7 +315,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
@@ -363,7 +363,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
-> [!Note]
+> [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store.
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index b730a05ff6..56074ef05e 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -692,7 +692,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt or sign secure channel data (always)
@@ -762,7 +762,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt secure channel data (when possible)
@@ -829,7 +829,7 @@ GP Info:
-> [!Warning]
+> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Disable machine account password changes
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index c6d8e5217d..6ab4145877 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -81,7 +81,7 @@ If you disable or do not configure this policy setting, the client computer will
No reboots or service restarts are required for this policy setting to take effect.
-> [!Warning]
+> [!WARNING]
> This policy is designed for zero exhaust. This policy may cause some MDM processes to break because WNS notification is used by the MDM server to send real time tasks to the device, such as remote wipe, unenroll, remote find, and mandatory app installation. When this policy is set to disallow WNS, those real time processes will no longer work and some time-sensitive actions such as remote wipe when the device is stolen or unenrollment when the device is compromised will not work.
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 8b9c744102..c3e7ac8ff4 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -318,7 +318,7 @@ manager: dansimp
Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-> [!Note]
+> [!NOTE]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index cd2c32f688..37d3ec11fe 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -444,7 +444,7 @@ This MDM setting corresponds to the EnableFontProviders Group Policy setting. If
This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
-> [!Note]
+> [!NOTE]
> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 2531787f7f..b4e71bc3a6 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1896,7 +1896,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic
The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
-> [!Note]
+> [!NOTE]
> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
Value type is integer. Default is 14.
@@ -3786,7 +3786,7 @@ Options:
- 1 – Turn off all notifications, excluding restart warnings
- 2 – Turn off all notifications, including restart warnings
-> [!Important]
+> [!IMPORTANT]
> If you choose not to get update notifications and also define other Group policies so that devices aren’t automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
@@ -3847,7 +3847,7 @@ ADMX Info:
-> [!Important]
+> [!IMPORTANT]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
@@ -3939,7 +3939,7 @@ To use this setting, you must set two server name values: the server from which
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
-> [!Note]
+> [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 0e523a9d77..d55f8c79fb 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -436,7 +436,7 @@ Valid values:
Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
-> [!Note]
+> [!NOTE]
> If Suppress notification is enabled then users will not see critical or non-critical messages.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 227a21008a..71315bdf56 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -29,7 +29,7 @@ The following diagram shows the Reboot configuration service provider management
**RebootNow**
> %SystemRoot%\MEMORY.DMP
@@ -187,19 +187,19 @@ The Performance Monitor log is located in the path: C:\PERFLOGS
#### Use memory dump to collect data for the physical computer that's running in a frozen state
-> [!Warning]
+> [!WARNING]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump:
1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:
- > [!Note]
+ > [!NOTE]
> If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
1. Try to access the desktop of the computer by any means.
- > [!Note]
+ > [!NOTE]
> In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.
2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings:
@@ -218,7 +218,7 @@ If the physical computer is still running in a frozen state, follow these steps
If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size.
- > [!Note]
+ > [!NOTE]
> If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$).
3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
@@ -244,7 +244,7 @@ If the physical computer is still running in a frozen state, follow these steps
4. Restart the computer.
3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
- > [!Note]
+ > [!NOTE]
> By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP
### Use Pool Monitor to collect data for the physical computer that is no longer frozen
@@ -267,7 +267,7 @@ To debug the virtual machines on Hyper-V, run the following cmdlet in Windows Po
Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
```
-> [!Note]
+> [!NOTE]
> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.
#### VMware
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 95610629f1..5caeb82469 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -28,7 +28,7 @@ In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object
This topic describes how to update Group Policy settings to display a customized Start and taskbar layout when the users sign in. By creating a domain-based GPO with these settings, you can deploy a customized Start and taskbar layout to users in a domain.
->[!WARNING]
+>[!WARNING]
>When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When you apply a taskbar layout, users will still be able to pin and unpin apps, and change the order of pinned apps.
@@ -49,14 +49,14 @@ Three features enable Start and taskbar layout control:
- The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
- >[!NOTE]
+ >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Upgrade block: Microsoft and Trend Micro identified a compatibility issue with the Trend Micro business endpoint security solutions OfficeScan and Worry-Free Business Security.
See details >OS Build 17763.134
November 13, 2018
KB4467708Resolved February 01, 2019
09:00 AM PTUnable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.
See details >OS Build 17763.253
January 08, 2019
KB4480116Resolved
KB4476976January 22, 2019
02:00 PM PTUnable to use Seek bar in Windows Media Player
Users may not be able to use the Seek bar in Windows Media Player when playing specific files.
See details >OS Build 17763.55
October 09, 2018
KB4464330Resolved
KB4471332December 11, 2018
10:00 AM PTAudio stops working after installing Intel audio driver
Upgrade block: Windows 10 audio stops working after installing Intel Smart Sound Technology driver (version 09.21.00.3755).
See details >OS Build 17763.134
November 13, 2018
KB4467708Resolved
KB4468550December 07, 2018
10:00 AM PTF5 VPN clients losing network connectivity
Back to topOS Build 17763.134
November 13, 2018
KB4467708Resolved
KB4482887Resolved:
March 01, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PTIssues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Back to topOS Build 17763.134
November 13, 2018
KB4467708Resolved
KB4487044Resolved:
February 12, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PTTrend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Back to topOS Build 17763.134
November 13, 2018
KB4467708Resolved Resolved:
February 01, 2019
09:00 AM PT
Opened:
November 13, 2018
10:00 AM PTAudio stops working after installing Intel audio driver
Back to topOS Build 17763.134
November 13, 2018
KB4467708Resolved
KB4468550Resolved:
December 07, 2018
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PT
"
@@ -107,16 +105,6 @@ sections:
Summary Originating update Status Last updated Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)
See details >OS Build 14393.2941
April 25, 2019
KB4493473Mitigated June 07, 2019
04:25 PM PTOpening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details >OS Build 14393.2999
May 23, 2019
KB4499177Mitigated June 05, 2019
07:51 PM PTSome applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)
See details >OS Build 14393.2941
April 25, 2019
KB4493473Mitigated June 04, 2019
05:55 PM PTDevices running Windows Server 2016 with Hyper-V seeing Bitlocker error 0xC0210000
Some devices running Windows Server with Hyper-V enabled may start into Bitlocker recovery with error 0xC0210000
See details >OS Build 14393.2969
May 14, 2019
KB4494440Mitigated May 23, 2019
09:57 AM PTCluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.
See details >OS Build 14393.2639
November 27, 2018
KB4467684Mitigated April 25, 2019
02:00 PM PTIssue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details >OS Build 14393.2848
March 12, 2019
KB4489882Mitigated April 25, 2019
02:00 PM PT
"
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index dabae3539b..f3ada14b3b 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -75,8 +75,6 @@ sections:
Details Originating update Status History Some applications may fail to run as expected on clients of AD FS 2016
Back to topOS Build 14393.2941
April 25, 2019
KB4493473Mitigated Last updated:
June 07, 2019
04:25 PM PT
Opened:
June 04, 2019
05:55 PM PTOpening Internet Explorer 11 may fail
Back to topOS Build 14393.2999
May 23, 2019
KB4499177Mitigated Last updated:
June 05, 2019
07:51 PM PT
Opened:
June 05, 2019
05:49 PM PTSome applications may fail to run as expected on clients of AD FS 2016
Back to topOS Build 14393.2941
April 25, 2019
KB4493473Mitigated Last updated:
June 04, 2019
05:55 PM PT
Opened:
June 04, 2019
05:55 PM PTWindows 10, version 1809 update history may show an update installed twice
Some customers are reporting that KB4494441 installed twice on their device
See details >OS Build 17763.503
May 14, 2019
KB4494441Resolved May 16, 2019
02:37 PM PTLayout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
See details >OS Build 17763.475
May 03, 2019
KB4495667Resolved
KB4494441May 14, 2019
10:00 AM PTZone transfers over TCP may fail
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.
See details >OS Build 17763.475
May 03, 2019
KB4495667Resolved
KB4494441May 14, 2019
10:00 AM PTLatest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.
See details >OS Build 17763.475
May 03, 2019
KB4495667Resolved May 08, 2019
03:37 PM PTSystem may be unresponsive after restart if ArcaBit antivirus software installed
After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809
See details >OS Build 17763.437
April 09, 2019
KB4493509Resolved May 08, 2019
03:30 PM PTWindows 10, version 1809 update history may show an update installed twice
Back to topOS Build 17763.503
May 14, 2019
KB4494441Resolved Resolved:
May 16, 2019
02:37 PM PT
Opened:
May 14, 2019
02:56 PM PTLayout and cell size of Excel sheets may change when using MS UI Gothic
Back to topOS Build 17763.475
May 03, 2019
KB4495667Resolved
KB4494441Resolved:
May 14, 2019
10:00 AM PT
Opened:
May 10, 2019
10:35 AM PTZone transfers over TCP may fail
Back to topOS Build 17763.475
May 03, 2019
KB4495667Resolved
KB4494441Resolved:
May 14, 2019
10:00 AM PT
Opened:
May 14, 2019
01:19 PM PTLatest cumulative update (KB 4495667) installs automatically
Back to topOS Build 17763.475
May 03, 2019
KB4495667Resolved Resolved:
May 08, 2019
03:37 PM PT
Opened:
May 05, 2019
12:01 PM PT
"
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index d00e89505d..4a95d4db9f 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -22,7 +22,7 @@ sections:
Details Originating update Status History System may be unresponsive after restart if ArcaBit antivirus software installed
Back to topOS Build 17763.437
April 09, 2019
KB4493509Resolved Resolved:
May 08, 2019
03:30 PM PT
Opened:
April 09, 2019
10:00 AM PT
"
@@ -74,7 +74,7 @@ sections:
Current status as of June 6, 2019:
-
Note follow @WindowsUpdate to find out when new content is published to the release information dashboard.
Note follow @WindowsUpdate to find out when new content is published to the release information dashboard.Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.
See details >OS Build 18362.116
May 21, 2019
KB4505057Mitigated May 21, 2019
04:47 PM PTCannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.
See details >OS Build 18362.116
May 21, 2019
KB4505057Mitigated May 21, 2019
04:47 PM PTIntermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.
See details >OS Build 18362.116
May 21, 2019
KB4505057Mitigated May 21, 2019
04:46 PM PTOlder versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.
See details >OS Build 18362.116
May 21, 2019
KB4505057Resolved June 06, 2019
01:33 PM PTOlder versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.
See details >OS Build 18362.116
May 21, 2019
KB4505057Resolved June 07, 2019
04:26 PM PTDuplicate folders and documents showing in user profile directory
If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.
See details >OS Build 18362.116
May 21, 2019
KB4505057Resolved
KB4497935May 29, 2019
02:00 PM PTAMD RAID driver incompatibility
Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.
See details >OS Build 18362.116
May 21, 2019
KB4505057Resolved June 06, 2019
11:06 AM PTError attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"
See details >OS Build 18362.116
May 21, 2019
KB4505057Resolved
KB4497935May 29, 2019
02:00 PM PTIntel Audio displays an intcdaud.sys notification
Back to topOS Build 18362.116
May 21, 2019
KB4505057Mitigated Last updated:
May 21, 2019
04:47 PM PT
Opened:
May 21, 2019
07:22 AM PTCannot launch Camera app
Back to topOS Build 18362.116
May 21, 2019
KB4505057Mitigated Last updated:
May 21, 2019
04:47 PM PT
Opened:
May 21, 2019
07:20 AM PTIntermittent loss of Wi-Fi connectivity
Back to topOS Build 18362.116
May 21, 2019
KB4505057Mitigated Last updated:
May 21, 2019
04:46 PM PT
Opened:
May 21, 2019
07:13 AM PTOlder versions of BattlEye anti-cheat software incompatible
Back to topOS Build 18362.116
May 21, 2019
KB4505057Resolved Resolved:
June 06, 2019
01:33 PM PT
Opened:
May 21, 2019
07:34 AM PTOlder versions of BattlEye anti-cheat software incompatible
Back to topOS Build 18362.116
May 21, 2019
KB4505057Resolved Resolved:
June 07, 2019
04:26 PM PT
Opened:
May 21, 2019
07:34 AM PTDuplicate folders and documents showing in user profile directory
Back to topOS Build 18362.116
May 21, 2019
KB4505057Resolved
KB4497935Resolved:
May 29, 2019
02:00 PM PT
Opened:
May 21, 2019
07:16 AM PTAMD RAID driver incompatibility
Back to topOS Build 18362.116
May 21, 2019
KB4505057Resolved Resolved:
June 06, 2019
11:06 AM PT
Opened:
May 21, 2019
07:12 AM PTError attempting to update with external USB device or memory card attached
Back to topOS Build 18362.116
May 21, 2019
KB4505057Resolved
KB4497935Resolved:
May 29, 2019
02:00 PM PT
Opened:
May 21, 2019
07:38 AM PT
Summary Originating update Status Last updated IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working
See details >May 14, 2019
KB4499164Mitigated June 07, 2019
02:57 PM PTSystem may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.
See details >April 09, 2019
KB4493472Mitigated April 25, 2019
02:00 PM PTUnable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details >May 14, 2019
KB4499164Resolved
KB4505050May 18, 2019
02:00 PM PTSystem may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details >April 09, 2019
KB4493472Resolved May 14, 2019
01:23 PM PT
+ "
+
- title: May 2019
- items:
- type: markdown
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index e76412be72..8d3e9cc582 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -60,6 +60,7 @@ sections:
- type: markdown
text: "Details Originating update Status History IE11 may stop working when loading or interacting with Power BI reports
Back to topMay 14, 2019
KB4499164Mitigated Last updated:
June 07, 2019
02:57 PM PT
Opened:
June 07, 2019
02:57 PM PT
Summary Originating update Status Last updated IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working
See details >May 14, 2019
KB4499151Mitigated June 07, 2019
02:57 PM PTJapanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
See details >April 25, 2019
KB4493443Mitigated May 15, 2019
05:53 PM PTIssue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details >March 12, 2019
KB4489881Mitigated April 25, 2019
02:00 PM PTCertain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.
See details >January 08, 2019
KB4480963Mitigated April 25, 2019
02:00 PM PT
+ "
+
- title: May 2019
- items:
- type: markdown
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index e98321c34c..878f02de70 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -60,6 +60,7 @@ sections:
- type: markdown
text: "Details Originating update Status History IE11 may stop working when loading or interacting with Power BI reports
Back to topMay 14, 2019
KB4499151Mitigated Last updated:
June 07, 2019
02:57 PM PT
Opened:
June 07, 2019
02:57 PM PT
->[!NOTE]
+>[!NOTE]
> If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index cca50b7fcd..97ceac8319 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -247,7 +247,7 @@ If you use modern management for both domain and non-domain joined devices, writ
Windows Hello for Business is a feature exclusive to Windows 10. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions.
If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet. Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices.
->[!NOTE]
+>[!NOTE]
>Azure Active Directory joined devices without modern management automatically enroll in Windows Hello for Business using the default policy settings. Use modern management to adjust policy settings to match the business needs of your organization.
Write **1511 or later** in box **3a** on your planning worksheet if any of the following are true.
diff --git a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
index c4d3f73cb4..a181ec72c9 100644
--- a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
@@ -31,7 +31,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
- For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site).
->[!WARNING]
+>[!WARNING]
>In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
## Install certificates using Microsoft Edge
@@ -45,6 +45,7 @@ The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx
## Install certificates using mobile device management (MDM)
Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
+
>[!WARNING]
>Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
@@ -72,5 +73,4 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi
## Related topics
-[Configure S/MIME](configure-s-mime.md)
-
+[Configure S/MIME](configure-s-mime.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index 5c4e5fc232..701083c55c 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -31,7 +31,7 @@ This guide explains how credential theft attacks occur and the strategies and co
- Respond to suspicious activity
- Recover from a breach
-
+
## Attacks that steal credentials
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index 26fd5e8431..144180cd40 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -39,7 +39,7 @@ For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-sett
The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The manage-bde command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the C: drive to AD DS, you would use the following command from an elevated command prompt: **manage-bde -protectors -adbackup C:**.
-> [!IMPORTANT]
+> [!IMPORTANT]
> Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
## Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
index 349af8295f..fa1f49ee5d 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
@@ -58,7 +58,7 @@ For older hardware, where a PIN may be needed, it’s recommended to enable [enh
BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive.
-> [!IMPORTANT]
+> [!IMPORTANT]
> Store the recovery information in AD DS, along with your Microsoft Account, or another safe location.
## Can the USB flash drive that is used as the startup key also be used to store the recovery key?
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index 8775e52fb9..fb326e7977 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -46,7 +46,7 @@ For Windows PCs and Windows Phones that enroll using **Connect to work or school
## Managing servers
-Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#a-href-idbkmk-blcmdletsabitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC.
+Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC.
The Minimal Server Interface is a prerequisite for some of the BitLocker administration tools. On a [Server Core](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-core) installation, you must add the necessary GUI components first. The steps to add shell components to Server Core are described in [Using Features on Demand with Updated Systems and Patched Images](https://blogs.technet.microsoft.com/server_core/2012/11/05/using-features-on-demand-with-updated-systems-and-patched-images/) and [How to update local source media to add roles and features](https://blogs.technet.microsoft.com/joscon/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features/).
@@ -135,6 +135,6 @@ PS C:\> Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpace
**Powershell**
-[BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#a-href-idbkmk-blcmdletsabitlocker-cmdlets-for-windows-powershell)
+[BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell)
[Surface Pro Specifications](https://www.microsoft.com/surface/support/surface-pro-specs)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
index 054d1aedf7..dd0439236b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
@@ -40,7 +40,7 @@ Yes, BitLocker supports multifactor authentication for operating system drives.
For requirements, see [System requirements](bitlocker-overview.md#system-requirements).
-> [!NOTE]
+> [!NOTE]
> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it is cannot be protected by BitLocker.
## Why are two partitions required? Why does the system drive have to be so large?
diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
index 0a3788fac9..a12e4c3b02 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
@@ -39,6 +39,6 @@ BitLocker on operating system drives in its basic configuration (with a TPM but
Most operating systems use a shared memory space and rely on the operating system to manage physical memory. A TPM is a hardware component that uses its own internal firmware and logic circuits for processing instructions, thus shielding it from external software vulnerabilities. Attacking the TPM requires physical access to the computer. Additionally, the tools and skills necessary to attack hardware are often more expensive, and usually are not as available as the ones used to attack software. And because each TPM is unique to the computer that contains it, attacking multiple TPM computers would be difficult and time-consuming.
-> [!NOTE]
+> [!NOTE]
> Configuring BitLocker with an additional factor of authentication provides even more protection against TPM hardware attacks.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
index db58b1db22..de4112e3d5 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md
@@ -40,6 +40,6 @@ Users need to suspend BitLocker for Non-Microsoft software updates, such as:
- TPM firmware updates
- Non-Microsoft application updates that modify boot components
-> [!NOTE]
+> [!NOTE]
> If you have suspended BitLocker, you can resume BitLocker protection after you have installed the upgrade or update. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, your computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
index a8069a69e9..8c25c57e76 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
@@ -78,7 +78,7 @@ Limited BitLocker functionality is available in Safe Mode. BitLocker-protected d
Both fixed and removable data drives can be locked by using the Manage-bde command-line tool and the –lock command.
-> [!NOTE]
+> [!NOTE]
> Ensure all data is saved to the drive before locking it. Once locked, the drive will become inaccessible.
The syntax of this command is:
diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md
index aa97e1a83e..cf637532f1 100644
--- a/windows/security/information-protection/encrypted-hard-drive.md
+++ b/windows/security/information-protection/encrypted-hard-drive.md
@@ -41,7 +41,7 @@ Encrypted Hard Drives are supported natively in the operating system through the
- **API**: API support for applications to manage Encrypted Hard Drives independently of BitLocker Drive Encryption (BDE)
- **BitLocker support**: Integration with the BitLocker Control Panel provides a seamless BitLocker end user experience.
->[!WARNING]
+>[!WARNING]
>Self-Encrypting Hard Drives and Encrypted Hard Drives for Windows are not the same type of device. Encrypted Hard Drives for Windows require compliance for specific TCG protocols as well as IEEE 1667 compliance; Self-Encrypting Hard Drives do not have these requirements. It is important to confirm the device type is an Encrypted Hard Drive for Windows when planning for deployment.
If you are a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](https://msdn.microsoft.com/library/windows/hardware/dn653989.aspx).
@@ -63,7 +63,7 @@ For an Encrypted Hard Drive used as a **startup drive**:
- The computer must have the Compatibility Support Module (CSM) disabled in UEFI.
- The computer must always boot natively from UEFI.
->[!WARNING]
+>[!WARNING]
>All Encrypted Hard Drives must be attached to non-RAID controllers to function properly.
## Technical overview
@@ -83,9 +83,9 @@ Configuration of Encrypted Hard Drives as startup drives is done using the same
There are three related Group Policy settings that help you manage how BitLocker uses hardware-based envryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
-- [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hdefxdaconfigure-use-of-hardware-based-encryption-for-fixed-data-drives)
-- [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hderddaconfigure-use-of-hardware-based-encryption-for-removable-data-drives)
-- [Configure use of hardware-based encryption for operating system drives](bitlocker/bitlocker-group-policy-settings.md#a-href-idbkmk-hdeosdaconfigure-use-of-hardware-based-encryption-for-operating-system-drives)
+- [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#bkmk-hdefxd)
+- [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives)
+- [Configure use of hardware-based encryption for operating system drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives)
## Encrypted Hard Drive Architecture
@@ -107,4 +107,4 @@ Many Encrypted Hard Drive devices come pre-configured for use. If reconfiguratio
1. Open Disk Management (diskmgmt.msc)
2. Initialize the disk and select the appropriate partition style (MBR or GPT)
3. Create one or more volumes on the disk.
-4. Use the BitLocker setup wizard to enable BitLocker on the volume.
+4. Use the BitLocker setup wizard to enable BitLocker on the volume.
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
index 2636b5b98e..7bde4e34bf 100644
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
@@ -90,7 +90,7 @@ It's possible that you might revoke data from an unenrolled device only to later
To start Robocopy in S mode, open Task Manager. Click **File** > **Run new task**, type the command, and click **Create this task with administrative privileges**.
- 
+ 
If the employee performed a clean installation and there is no user profile, you need to recover the keys from the System Volume folder in each drive. Type:
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 00d2cad395..fef2b942c2 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -97,7 +97,7 @@ Select **Store apps**, type the app product name and publisher, and click **OK**
- **Publisher**: `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
- **Product Name**: `Microsoft.MicrosoftPowerBIForWindows`
-
+
To add multiple Store apps, click the ellipsis **…**.
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index af4c35b94e..441e6d2b75 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -71,7 +71,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
- Microsoft Remote Desktop
->[!NOTE]
+>[!NOTE]
>Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
## List of WIP-work only apps from Microsoft
diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index 2a2cd6a8bf..1ea71b62ad 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -46,7 +46,7 @@ Protecting authorized removable storage with Windows Defender Antivirus requires
- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices.
- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting.
->[!NOTE]
+>[!NOTE]
>We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**.
Summary Originating update Status Last updated IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working
See details >May 14, 2019
KB4499171Mitigated June 07, 2019
02:57 PM PTJapanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.
See details >April 25, 2019
KB4493462Mitigated May 15, 2019
05:53 PM PTIssue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details >March 12, 2019
KB4489891Mitigated April 25, 2019
02:00 PM PTCertain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.
See details >January 08, 2019
KB4480975Mitigated April 25, 2019
02:00 PM PT
+ "
+
- title: May 2019
- items:
- type: markdown
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 9d212561c9..93d0011f35 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -75,7 +75,7 @@ Run the following command:
CertReq -EnrollCredGuardCert MachineAuthentication
```
-> [!NOTE]
+> [!NOTE]
> You must restart the device after enrolling the machine authentication certificate.
##### How a certificate issuance policy can be used for access control
@@ -126,7 +126,7 @@ Authentication policies have the following requirements:
11. Click **OK** to create the authentication policy.
12. Close Active Directory Administrative Center.
-> [!NOTE]
+> [!NOTE]
> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
##### Discovering authentication failures due to authentication policies
@@ -327,7 +327,7 @@ write-host "There are no issuance policies which are not mapped to groups"
}
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
#### Link an issuance policy to a group
@@ -609,5 +609,5 @@ write-host $tmp -Foreground Red
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index a2e1958009..2e1a83d9b7 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -100,7 +100,7 @@ Run the following command:
CertReq -EnrollCredGuardCert MachineAuthentication
```
-> [!NOTE]
+> [!NOTE]
> You must restart the device after enrolling the machine authentication certificate.
##### How a certificate issuance policy can be used for access control
@@ -151,7 +151,7 @@ Authentication policies have the following requirements:
11. Click **OK** to create the authentication policy.
12. Close Active Directory Administrative Center.
-> [!NOTE]
+> [!NOTE]
> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
##### Discovering authentication failures due to authentication policies
@@ -356,7 +356,7 @@ write-host "There are no issuance policies which are not mapped to groups"
}
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
#### Link an issuance policy to a group
@@ -638,7 +638,7 @@ write-host $tmp -Foreground Red
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
## See also
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
index b6c7e284af..0b6d13f777 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
@@ -209,7 +209,7 @@ write-host "There are no issuance policies which are not mapped to groups"
}
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
## Link an issuance policy to a group
@@ -491,5 +491,5 @@ write-host $tmp -Foreground Red
}
```
-> [!NOTE]
+> [!NOTE]
> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md
index c6f6c2f100..6747177c1d 100644
--- a/windows/security/identity-protection/enterprise-certificate-pinning.md
+++ b/windows/security/identity-protection/enterprise-certificate-pinning.md
@@ -26,7 +26,7 @@ ms.reviewer:
Enterprise certificate pinning is a Windows feature for remembering, or “pinning,” a root issuing certificate authority or end entity certificate to a given domain name.
Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
->[!NOTE]
+>[!NOTE]
> External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site’s server authentication certificate chain matches a restricted set of certificates.
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index c33567fa7c..3923238254 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -273,7 +273,7 @@ This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer,
#### Example 2
This example configures an IpConfig signal type using a dnsSuffix element and a bluetooth signal for phones. This configuration is wrapped for reading. Once properly formatted, the entire XML contents must be a single line. This example implies that either the ipconfig **or** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
->[!NOTE]
+>[!NOTE]
>Separate each rule element using a comma.
```
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index fc0ae7661b..3d74e8a3b3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -382,7 +382,7 @@ $deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService)
$deSCP.CommitChanges()
```
->[!NOTE]
+>[!NOTE]
> You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1.
>
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index c154697610..e9c7937ed9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -294,7 +294,7 @@ The following table lists the MDM policy settings that you can configure for Win
Details Originating update Status History IE11 may stop working when loading or interacting with Power BI reports
Back to topMay 14, 2019
KB4499171Mitigated Last updated:
June 07, 2019
02:57 PM PT
Opened:
June 07, 2019
02:57 PM PT