mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-16 23:37:22 +00:00
Merge branch 'master' into MDBranchMachineToDeviceParent
commit
1b79a1d31d
@ -15952,6 +15952,11 @@
|
|||||||
"redirect_document_id": true
|
"redirect_document_id": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"source_path": "devices/surface/using-the-sda-deployment-share.md",
|
||||||
|
"redirect_url": "https://docs.microsoft.com/surface/microsoft-surface-deployment-accelerator",
|
||||||
|
"redirect_document_id": true
|
||||||
|
},
|
||||||
|
{
|
||||||
"source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
|
"source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
|
||||||
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
|
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
|
||||||
"redirect_document_id": true
|
"redirect_document_id": true
|
||||||
|
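Review bot: The new entry for devices/surface/using-the-sda-deployment-share.md sets "redirect_document_id": true, but this is not a rename: the article is deleted and pointed at an existing, different page (microsoft-surface-deployment-accelerator). Carrying the document ID over is meant for renames, where the target should inherit the source's history, so false looks like the right value here. Please also confirm that no other redirect to the same URL already sets the flag.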
@ -132,7 +132,7 @@ Many Windows apps now support both dark and light modes, and HoloLens 2 customer
|
|||||||
- 3D Viewer
|
- 3D Viewer
|
||||||
- Movies & TV
|
- Movies & TV
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
### System voice commands
|
### System voice commands
|
||||||
|
|
||||||
|
BIN
devices/hololens/images/DarkMode.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 104 KiB |
@ -38,7 +38,6 @@
|
|||||||
### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
|
### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
|
||||||
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
|
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
|
||||||
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
|
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
|
||||||
### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
|
|
||||||
### [Surface System SKU reference](surface-system-sku-reference.md)
|
### [Surface System SKU reference](surface-system-sku-reference.md)
|
||||||
|
|
||||||
## Manage
|
## Manage
|
||||||
|
@ -8,14 +8,14 @@ ms.sitesec: library
|
|||||||
author: coveminer
|
author: coveminer
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 5/06/2020
|
ms.date: 5/29/2020
|
||||||
ms.reviewer: brrecord
|
ms.reviewer: brrecord
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
audience: itpro
|
audience: itpro
|
||||||
---
|
---
|
||||||
# What’s new in Surface Dock 2
|
# What’s new in Surface Dock 2
|
||||||
|
|
||||||
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. An extended set of management tools will be released via Windows update upon commercial distribution.
|
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. Surface Enterprise Management Mode (SEMM) now enables IT admins to secure ports on Surface Dock 2. For more information, see [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999).
|
||||||
|
|
||||||
## General system requirements
|
## General system requirements
|
||||||
|
|
||||||
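Review bot: The rewritten last sentences of the intro paragraph support the claim that SEMM can now secure ports on Surface Dock 2 with a Tech Community blog link only. This is the one security control the page announces, so link the in-repo SEMM article from the same sentence (surface-enterprise-management-mode.md is already listed under Next steps) and keep the blog post as the secondary reference. The ms.date bump to 5/29/2020 matches the content change.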
@ -29,7 +29,6 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
|
|||||||
- Surface Laptop 2
|
- Surface Laptop 2
|
||||||
- Surface Go
|
- Surface Go
|
||||||
- Surface Go with LTE Advanced
|
- Surface Go with LTE Advanced
|
||||||
- Surface Studio 2
|
|
||||||
- Surface Pro 7
|
- Surface Pro 7
|
||||||
- Surface Laptop 3
|
- Surface Laptop 3
|
||||||
- Surface Book 3
|
- Surface Book 3
|
||||||
@ -86,7 +85,7 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
|
|||||||
|Surflink|Yes|Yes|
|
|Surflink|Yes|Yes|
|
||||||
|USB-A|2 front facing USB 3.1 Gen 1<br>2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)|
|
|USB-A|2 front facing USB 3.1 Gen 1<br>2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)|
|
||||||
|Mini Display port|2 rear facing (DP1.2)|None|
|
|Mini Display port|2 rear facing (DP1.2)|None|
|
||||||
|USB-C|None|2 front facing USB 3.2 Gen 2<br>[15W power]<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>[7.5W power]|
|
|USB-C|None|2 front facing USB 3.2 Gen 2<br>(15W power)<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>(7.5W power)|
|
||||||
|3.5 mm Audio in/out|Yes|Yes|
|
|3.5 mm Audio in/out|Yes|Yes|
|
||||||
|Ethernet|Yes, 1 gigabit|Yes 1 gigabit|
|
|Ethernet|Yes, 1 gigabit|Yes 1 gigabit|
|
||||||
|DC power in|Yes|Yes|
|
|DC power in|Yes|Yes|
|
||||||
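Review bot: In the Ethernet row in this hunk's context, the Surface Dock 2 cell reads "Yes 1 gigabit" while the Surface Dock cell reads "Yes, 1 gigabit"; add the comma while the table is being edited. The change from [15W power] to (15W power) in the USB-C row is fine and now matches the "(7.5W power)" style used in the USB-A row.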
@ -99,20 +98,18 @@ Surface Dock 2, the next generation Surface dock, lets users connect external mo
|
|||||||
|Wake-on-LAN from Connected Standby<sup>1</sup>|Yes|Yes|
|
|Wake-on-LAN from Connected Standby<sup>1</sup>|Yes|Yes|
|
||||||
|Wake-on-LAN from S4/S5 sleep modes|No|Yes|
|
|Wake-on-LAN from S4/S5 sleep modes|No|Yes|
|
||||||
|Network PXE boot|Yes|Yes|
|
|Network PXE boot|Yes|Yes|
|
||||||
|SEMM host access control|No|Coming in Windows Update<sup>2</sup>|
|
|SEMM host access control|No|Yes
|
||||||
|SEMM port access control<sup>3</sup>|No|Coming in Windows Update|
|
|SEMM port access control<sup>2</sup>|No|Yes|
|
||||||
|Servicing support|MSI|Windows Update or MSI|
|
|Servicing support|MSI|Windows Update or MSI|
|
||||||
||||
|
||||
|
||||||
|
|
||||||
1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.*
|
1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.*
|
||||||
|
|
||||||
2. *Pending release via Windows Update.*
|
2. *Software license required for some features. Sold separately.*
|
||||||
|
|
||||||
3. *Software license required for some features. Sold separately.*
|
|
||||||
|
|
||||||
## Streamlined device management
|
## Streamlined device management
|
||||||
|
|
||||||
Following the public announcement of Surface Dock 2, Surface will release streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
|
Surface has released streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
|
||||||
|
|
||||||
- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools.
|
- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools.
|
||||||
- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools.
|
- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools.
|
||||||
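Review bot: The new row "|SEMM host access control|No|Yes" is missing its closing pipe, unlike every other row in the table, including the SEMM port access control row edited right below it; add the trailing "|" so the row renders consistently. After the renumbering, footnote 2 ("Software license required for some features. Sold separately.") repeats word for word the last two sentences of footnote 1, so drop those sentences from footnote 1 or reference footnote 2 from the Wake-on-LAN row instead. The host access control row also lost its footnote marker when it moved to "Yes"; if the license requirement applies to it as well, give it the same superscript 2 as the port access control row.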
@ -120,5 +117,6 @@ Following the public announcement of Surface Dock 2, Surface will release stream
|
|||||||
|
|
||||||
## Next steps
|
## Next steps
|
||||||
|
|
||||||
|
- [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999)
|
||||||
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
|
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
|
||||||
- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
|
- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
|
||||||
|
@ -1,172 +0,0 @@
|
|||||||
---
|
|
||||||
title: Using the Microsoft Surface Deployment Accelerator deployment share (Surface)
|
|
||||||
description: Explore the scenarios where you can use SDA to meet the deployment needs of your organization including Proof of Concept, pilot deployment, as well as import additional drivers and applications.
|
|
||||||
keywords: deploy, install, automate, deployment solution
|
|
||||||
ms.prod: w10
|
|
||||||
ms.mktglfcycl: deploy
|
|
||||||
ms.pagetype: surface, devices
|
|
||||||
ms.sitesec: library
|
|
||||||
author: coveminer
|
|
||||||
ms.author: greglin
|
|
||||||
ms.topic: article
|
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.audience: itpro
|
|
||||||
ms.reviewer:
|
|
||||||
manager: laurawi
|
|
||||||
---
|
|
||||||
|
|
||||||
# Using the Microsoft Surface Deployment Accelerator deployment share
|
|
||||||
|
|
||||||
With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily set up a deployment solution that is ready to deploy Windows to Surface devices. The prepared environment is built on powerful deployment technologies available from Microsoft, such as the [Microsoft Deployment Toolkit (MDT)](https://technet.microsoft.com/windows/dn475741), and is capable of immediately performing a deployment after configuration. See [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) for a comprehensive walkthrough of using the SDA wizard to set up a deployment share and perform a deployment.
|
|
||||||
|
|
||||||
For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator).
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
|
|
||||||
|
|
||||||
Using SDA provides these primary benefits:
|
|
||||||
|
|
||||||
* With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you.
|
|
||||||
|
|
||||||
* With SDA, you prepare a deployment environment built on the industry leading deployment solution of MDT. With MDT you can scale from a relatively basic deployment of a few Surface devices to a solution capable of deploying to thousands of devices including all of the different makes and models in your organization and all of the applications required by each device and user.
|
|
||||||
|
|
||||||
This article explores four scenarios where you can use SDA to meet the needs of your organization. See [Deploy Windows 10](https://technet.microsoft.com/itpro/windows/deploy/index) to explore the capabilities of MDT and the Windows deployment technologies available from Microsoft in greater detail.
|
|
||||||
|
|
||||||
## Perform a Proof of Concept deployment
|
|
||||||
|
|
||||||
One of the primary scenarios for use of SDA is as a Proof of Concept. A *Proof of Concept* (PoC) enables you to test or evaluate the capabilities of a solution or technology. A PoC is often used to illustrate the benefits of the solution or technology to decision makers. For example, if you want to recommend Surface devices as a replacement of older point of sale (POS) systems, you could perform a PoC to demonstrate how Surface devices provide superior computing power, flexibility, and connectivity when compared to alternate options.
|
|
||||||
|
|
||||||
Using SDA to prepare a PoC of Surface devices enables you to very quickly prepare a demonstration of Surface device or devices, which gives you more time for customization or preparation. The flexibility of SDA even lets you import resources, like applications and drivers, from existing MDT deployment infrastructure. See the [Work with existing deployment shares](#work-with-existing-deployment-shares) section later in this article for more information.
|
|
||||||
|
|
||||||
SDA is also an excellent PoC of the capabilities of MDT. SDA demonstrates just how quickly an MDT deployment environment can be prepared and made ready for deployment to devices. It also shows just how flexible and customizable the MDT solution can be, with support for Windows 10 and Windows 8.1, for Microsoft Store and desktop applications, and several models of Surface devices.
|
|
||||||
|
|
||||||
Some recommendations for a successful PoC with SDA are:
|
|
||||||
|
|
||||||
* Keep your SDA deployment environment separate from your production network. This ensures optimal performance and reduces potential for conflicts during your PoC deployment.
|
|
||||||
|
|
||||||
* Use a fresh and updated instance of Windows Server to house your SDA deployment share to maintain the simplicity and performance of the demonstration environment.
|
|
||||||
|
|
||||||
* Test the deployment process before you demonstrate your PoC. This reduces the potential for unexpected situations and keeps the demonstration focused on the deployment process and Surface devices.
|
|
||||||
|
|
||||||
* Use offline files with SDA to further reduce installation times.
|
|
||||||
|
|
||||||
* For help with your PoC, contact [Surface Support](https://www.microsoft.com/surface/support/contact-us-business).
|
|
||||||
|
|
||||||
## Perform a pilot deployment
|
|
||||||
|
|
||||||
A pilot deployment differs from a PoC. Where a PoC is usually a closed demonstration that is performed prior to the deployment process in order to get approval for the use of certain technologies or solutions, a *pilot deployment* is performed during the deployment process as a limited scope deployment for testing and validation. The focus of a pilot deployment can be as narrow as only a handful of devices, or wide enough to include a significant portion of your organization.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>A pilot deployment should not replace the testing process that should be performed regularly in the lab as the deployment environment is built and developed. A deployment solution should be tested in virtual and physical environments as new applications and drivers are added and when task sequences are modified and before a pilot deployment is performed.
|
|
||||||
|
|
||||||
For example, you are tasked with deploying Surface devices to mobile workers and you want to test the organization’s MDT deployment process by providing a small number of devices to executives. You can use SDA to create an isolated Surface deployment environment and then copy the task sequence, applications, and drivers needed from the production deployment share. This not only enables you to quickly create a Surface deployment, but it also minimizes the risk to the production deployment process used for other types of devices.
|
|
||||||
|
|
||||||
For small organizations, the pilot deployment environment of SDA may suffice as a complete deployment solution. Even if you do not have an existing deployment environment, you can import drivers and applications (covered later in this article) to provide a complete deployment solution based on MDT. Even without previous knowledge of MDT or Windows deployment, you can follow the [Step-by-Step: Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator) article to get started with a deployment to Surface devices.
|
|
||||||
|
|
||||||
## Import additional drivers
|
|
||||||
|
|
||||||
The SDA deployment share includes all of the drivers needed for Surface devices. This includes the drivers for the components inside the Surface device, such as the wireless network adapter and the main chipset, as well as drivers for Surface accessories, such as the Surface Dock or Surface USB Ethernet adapters. The SDA deployment share does not, however, include drivers for third-party devices or peripherals.
|
|
||||||
|
|
||||||
For example, you may intend to use your Surface device with a thermal printer, credit card reader, and barcode scanner as a POS terminal. In this scenario, the thermal printer, credit card reader, and barcode scanner will very likely require installation of drivers to operate properly. You could potentially download and install these drivers from Windows Update when each peripheral is connected, or you could install the driver package from the manufacturer manually on each Surface device, but the ideal solution is to have these drivers already present in Windows so that when the peripheral is connected, it will just work.
|
|
||||||
|
|
||||||
Because SDA is built on MDT, adding the drivers to the SDA deployment share is easy and simple.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>The drivers must be in the Setup Information File (.inf) format. If the drivers for your device come as an executable file (.exe), they may need to be extracted or installed to procure the .inf file. Some device drivers come packaged with applications, for example an all-in-one printer bundled with scan software. These applications will need to be installed separately from the drivers.
|
|
||||||
|
|
||||||
To import drivers for a peripheral device:
|
|
||||||
|
|
||||||
1. Download the drivers for your device from the manufacturer web site.
|
|
||||||
|
|
||||||
2. Open the MDT Deployment Workbench.
|
|
||||||
|
|
||||||
3. Expand the **Deployment Shares** node and expand the SDA deployment share.
|
|
||||||
|
|
||||||
4. Expand the **Out-of-Box Drivers** folder.
|
|
||||||
|
|
||||||
5. Select the folder of the Surface model for which you would like to include this driver.
|
|
||||||
|
|
||||||
6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
|
|
||||||
|
|
||||||

|
|
||||||
|
|
||||||
*Figure 1. Provide the location of your driver files*
|
|
||||||
|
|
||||||
7. The Import Drivers Wizard presents a series of steps:
|
|
||||||
|
|
||||||
- **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
|
|
||||||
- **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
|
|
||||||
- **Progress** – While the drivers are imported, a progress bar is displayed on this page.
|
|
||||||
- **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
|
|
||||||
|
|
||||||
8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver.
|
|
||||||
|
|
||||||
9. Close the Deployment Workbench.
|
|
||||||
|
|
||||||
After the drivers are imported for the Surface model, the deployment task sequence will automatically select the drivers during the deployment process and include them in the Windows environment. When you connect your device, such as the barcode scanner in the example, Windows should automatically detect the device and you should be able to use it immediately.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>You can even import drivers for other computer makes and models to support other devices. See **Step 5: Prepare the drivers repository** in [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt) for more information about how to import drivers for other makes and models.
|
|
||||||
|
|
||||||
## Import additional applications
|
|
||||||
|
|
||||||
As with drivers, the SDA deployment share can be pre-configured with apps like the Surface App and Microsoft Office 365. You can also add applications to the SDA deployment share and configure them to be installed on your Surface devices during deployment of Windows. In the ideal scenario, your Surface devices deployed with the SDA deployment share will include all of the applications needed to be ready for your end users.
|
|
||||||
|
|
||||||
In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment:
|
|
||||||
|
|
||||||
1. Download the application installation files or locate the installation media for your application.
|
|
||||||
|
|
||||||
2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
|
|
||||||
|
|
||||||
3. Open the MDT Deployment Workbench.
|
|
||||||
|
|
||||||
4. Expand the **Deployment Shares** node and expand the SDA deployment share.
|
|
||||||
|
|
||||||
5. Expand the **Applications** folder.
|
|
||||||
|
|
||||||
6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
|
|
||||||
|
|
||||||

|
|
||||||
|
|
||||||
*Figure 2: Provide the command to install your application*
|
|
||||||
|
|
||||||
7. Follow the steps of the New Application Wizard:
|
|
||||||
|
|
||||||
- **Application Type** – Click **Application with Source Files**, and then click **Next**.
|
|
||||||
- **Details** – Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
|
|
||||||
- **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
|
|
||||||
- **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
|
|
||||||
- **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
|
|
||||||
- **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
|
|
||||||
- **Progress** – While the installation files are imported, a progress bar is displayed on this page.
|
|
||||||
- **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
|
|
||||||
|
|
||||||
8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
|
|
||||||
|
|
||||||
9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
|
|
||||||
|
|
||||||
10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
|
|
||||||
|
|
||||||
11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
|
|
||||||
|
|
||||||

|
|
||||||
|
|
||||||
*Figure 3. A new Install Application step for Sample POS App*
|
|
||||||
|
|
||||||
12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
|
|
||||||
|
|
||||||
13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
|
|
||||||
|
|
||||||
14. Select your app from the list of applications, and then click **OK**.
|
|
||||||
|
|
||||||
15. Click **OK** to close the task sequence properties.
|
|
||||||
|
|
||||||
16. Close the Deployment Workbench.
|
|
||||||
|
|
||||||
## Work with existing deployment shares
|
|
||||||
|
|
||||||
One of the many benefits of an MDT deployment share is the simplicity of how deployment resources are stored. The MDT deployment share is, at its core, just a standard network file share. All deployment resources, such as Windows images, application installation files, and drivers, are stored in a share that can be browsed with File Explorer, copied and pasted, and moved just like any other file share, provided that you have the necessary permissions. This makes working with deployment resources extremely easy. MDT even allows you to make it easier by allowing you to open multiple deployment shares from the Deployment Workbench and to transfer or copy resources between them.
|
|
||||||
|
|
||||||
This ability gives SDA some extra capabilities when used in an environment with an existing MDT infrastructure. For example, if you install SDA on an isolated server to prepare a PoC and then log on to your production MDT deployment share from the Deployment Workbench on your SDA server, you can copy applications, drivers, task sequences, and other components into the SDA deployment share that is prepared with Surface apps and drivers. With this process, in a very short amount time, you can have a deployment environment ready to deploy your organization’s precise requirements to Surface devices.
|
|
||||||
|
|
||||||
You can also use this capability in reverse. For example, you can copy the Surface drivers, deployment task sequences, and apps directly into a lab or testing environment following a successful PoC. Using these resources, you can immediately begin to integrate Surface deployment into your existing deployment infrastructure.
|
|
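Review bot: The deleted article carries three figures (captions "Figure 1. Provide the location of your driver files", "Figure 2: Provide the command to install your application" and "Figure 3. A new Install Application step for Sample POS App"), but no removal of the matching image files appears alongside this deletion. If those images are not used by another article, delete them in the same change so they do not stay behind as orphans. The deletion is otherwise consistent with the TOC entry removal and the new redirect entry for the same path. It is still worth searching the repo for remaining relative links to using-the-sda-deployment-share.md, since the redirect only covers published URLs.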
@ -25,12 +25,16 @@ ms.topic: article
|
|||||||
This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.
|
This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.
|
||||||
|
|
||||||
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/index).
|
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/index).
|
||||||
- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).
|
|
||||||
|
|
||||||
## Recent changes
|
## Latest news
|
||||||
|
|
||||||
[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.<br>
|
[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.<br>
|
||||||
The [Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.<br>
|
The [Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.<br>
|
||||||
|
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).<br>
|
||||||
|
VPN support is added to [Windows Autopilot](#windows-autopilot)<br>
|
||||||
|
An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).<br>
|
||||||
|
The [Windows ADK](#windows-assessment-and-deployment-kit-adk) for Windows 10, version 2004 is available.<br>
|
||||||
|
The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with additional content added and more content coming soon.<br>
|
||||||
|
|
||||||
## The Modern Desktop Deployment Center
|
## The Modern Desktop Deployment Center
|
||||||
|
|
||||||
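Review bot: The "Latest news" list now announces the Windows ADK twice: the unchanged line "The [Windows ADK for Windows 10, version 2004](...) is available." stays, and the added line "The [Windows ADK](#windows-assessment-and-deployment-kit-adk) for Windows 10, version 2004 is available." says the same thing with a different link target. Keep one of them. The added Windows Autopilot line is also the only entry without a period before the break tag. The bullet pointing to #online-content-change-history is removed here, so confirm that the section it targeted is removed too, or that nothing else links to that anchor.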
@ -47,7 +51,34 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic
|
|||||||
|
|
||||||
## Windows 10 servicing and support
|
## Windows 10 servicing and support
|
||||||
|
|
||||||
- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon!
|
### Delivery Optimization
|
||||||
|
|
||||||
|
Windows PowerShell cmdlets for Delivery Optimization have been improved:
|
||||||
|
|
||||||
|
- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
|
||||||
|
- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
|
||||||
|
- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting.
|
||||||
|
|
||||||
|
Additional improvements in [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) include:
|
||||||
|
- Enterprise network [throttling is enhanced](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
|
||||||
|
- Automatic cloud-based congestion detection is available for PCs with cloud service support.
|
||||||
|
- Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon!
|
||||||
|
|
||||||
|
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
|
||||||
|
|
||||||
|
- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth)
|
||||||
|
- Reason: Replaced with separate policies for foreground and background
|
||||||
|
- Max Upload Bandwidth (DOMaxUploadBandwidth)
|
||||||
|
- Reason: impacts uploads to internet peers only, which isn't used in Enterprises.
|
||||||
|
- Absolute max throttle (DOMaxDownloadBandwidth)
|
||||||
|
- Reason: separated to foreground and background
|
||||||
|
|
||||||
|
### Windows Update for Business
|
||||||
|
|
||||||
|
[Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) enhancements in this release include:
|
||||||
|
- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
|
||||||
|
- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
|
||||||
|
|
||||||
- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
|
- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
|
||||||
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
|
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
|
||||||
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
|
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
|
||||||
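Review bot: Three wording slips in the added Delivery Optimization text should be fixed before merge. In the **-PeerInfo** bullet, "real-time peak" should be "real-time peek". In the **Get-DeliveryOptimizationLogAnalysis** bullet, "option to for in-depth look" should read "option for an in-depth look". The Peer Efficiency bullet carries over "is enabled with of [new policies]" from the line it replaces. In the removed-policies list, the label "Absolute max throttle" does not mirror its policy name DOMaxDownloadBandwidth the way the other two labels do, the three "Reason:" lines differ in capitalization and end punctuation, and none of them names the foreground and background policies that replace the removed ones.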
@ -68,13 +99,16 @@ Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel o
|
|||||||
|
|
||||||
For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
|
For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
|
||||||
|
|
||||||
|
|
||||||
## Deployment solutions and tools
|
## Deployment solutions and tools
|
||||||
|
|
||||||
### Windows Autopilot
|
### Windows Autopilot
|
||||||
|
|
||||||
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices.
|
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose and recover devices.
|
||||||
|
|
||||||
|
With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
|
||||||
|
|
||||||
|
If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles.
|
||||||
|
|
||||||
The following Windows Autopilot features are available in Windows 10, version 1903 and later:
|
The following Windows Autopilot features are available in Windows 10, version 1903 and later:
|
||||||
|
|
||||||
- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
|
- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
|
||||||
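Review bot: The added sentence "This support is also backported to Windows 10, version 1909 and 1903" does not say which update delivers the backport, so an admin on those versions cannot tell whether a given device qualifies for Hybrid Azure AD join over VPN. Name the required update, or link to the user-driven article section that does. The Ethernet paragraph also leaves open what happens on Wi-Fi-only devices; one clause would settle it.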
@ -83,6 +117,10 @@ The following Windows Autopilot features are available in Windows 10, version 19
|
|||||||
- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
|
- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
|
||||||
- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
|
- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
|
||||||
|
|
||||||
|
### Microsoft Endpoint Configuration Manager
|
||||||
|
|
||||||
|
An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
|
||||||
|
|
||||||
### Windows 10 Subscription Activation
|
### Windows 10 Subscription Activation
|
||||||
|
|
||||||
Windows 10 Education support has been added to Windows 10 Subscription Activation.
|
Windows 10 Education support has been added to Windows 10 Subscription Activation.
|
||||||
@ -91,9 +129,11 @@ With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to
|
|||||||
|
|
||||||
### SetupDiag
|
### SetupDiag
|
||||||
|
|
||||||
[SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
|
[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues.
|
||||||
|
|
||||||
SetupDiag version 1.6.0.42 was released on 08/08/2019.
|
In Windows 10, version 2004, SetupDiag is now automatically installed.
|
||||||
|
|
||||||
|
During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there is an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
|
||||||
|
|
||||||
### Upgrade Readiness
|
### Upgrade Readiness
|
||||||
|
|
||||||
@ -129,21 +169,21 @@ There are many benefits to converting the partition style of a disk to GPT, incl
|
|||||||
|
|
||||||
For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
|
For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
|
||||||
|
|
||||||
|
|
||||||
### Microsoft Deployment Toolkit (MDT)
|
### Microsoft Deployment Toolkit (MDT)
|
||||||
|
|
||||||
MDT build 8456 (12/19/2018) is available, including support for Windows 10, version 1809, and Windows Server 2019.
|
MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There is currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
|
||||||
|
|
||||||
For more information about MDT, see the [MDT resource page](https://docs.microsoft.com/sccm/mdt/).
|
|
||||||
|
|
||||||
|
For the latest information about MDT, see the [MDT release notes](https://docs.microsoft.com/mem/configmgr/mdt/release-notes).
|
||||||
|
|
||||||
### Windows Assessment and Deployment Kit (ADK)
|
### Windows Assessment and Deployment Kit (ADK)
|
||||||
|
|
||||||
The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics:
|
The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
|
||||||
|
|
||||||
- [What's new in ADK kits and tools](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools)
|
Download the Windows ADK and Windows PE add-on for Windows 10, version 2004 [here](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
|
||||||
- [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
|
|
||||||
|
|
||||||
|
For information about what's new in the ADK, see [What's new in the Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-2004).
|
||||||
|
|
||||||
|
Also see [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
|
||||||
|
|
||||||
## Testing and validation guidance
|
## Testing and validation guidance
|
||||||
|
|
||||||
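Review bot: The new MDT paragraph reports a known issue ("MDT to incorrectly detect that UEFI is present in Windows 10, version 2004") using "currently" twice, with no date, no description of what fails as a result, and no workaround, so the statement will go stale without anyone noticing. Say what the deployment impact is and point to the entry in the MDT release notes that this same hunk links. In the ADK paragraph, replace the link text "here" with a descriptive label such as the name of the download page.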
@ -157,25 +197,15 @@ For more information, see the following guides:
|
|||||||
- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
|
- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
|
||||||
- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
|
- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
|
||||||
|
|
||||||
|
|
||||||
## Troubleshooting guidance
|
## Troubleshooting guidance
|
||||||
|
|
||||||
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
|
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
|
||||||
|
|
||||||
|
|
||||||
## Online content change history
|
|
||||||
|
|
||||||
The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10.
|
|
||||||
|
|
||||||
[Change history for Access Protection](/windows/access-protection/change-history-for-access-protection)<br>
|
|
||||||
[Change history for Device Security](/windows/device-security/change-history-for-device-security)<br>
|
|
||||||
[Change history for Threat Protection](/windows/threat-protection/change-history-for-threat-protection)
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Overview of Windows as a service](update/waas-overview.md)
|
[Overview of Windows as a service](update/waas-overview.md)<br>
|
||||||
<BR>[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
|
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)<br>
|
||||||
<BR>[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information)
|
[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information)<br>
|
||||||
<BR>[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
|
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)<br>
|
||||||
<BR>[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
|
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)<br>
|
||||||
<BR>[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
|
[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)<br>
|
||||||
|
@ -28,13 +28,23 @@ ms.topic: article
|
|||||||
|
|
||||||
## About SetupDiag
|
## About SetupDiag
|
||||||
|
|
||||||
<I>Current version of SetupDiag: 1.6.0.42</I>
|
<I>Current downloadable version of SetupDiag: 1.6.0.42</I>
|
||||||
>Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.
|
>Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.
|
||||||
|
|
||||||
SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
|
SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
|
||||||
|
|
||||||
SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
|
SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.
|
||||||
|
|
||||||
|
## SetupDiag in Windows 10, version 2004 and later
|
||||||
|
|
||||||
|
With the release of Windows 10, version 2004, SetupDiag is included with Windows Setup.
|
||||||
|
|
||||||
|
During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, SetupDiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
|
||||||
|
|
||||||
|
If the upgrade process proceeds normally, this directory is moved under **%SystemDrive%\Windows.Old** for cleanup. If this directory is deleted, SetupDiag.exe will also be removed.
|
||||||
|
|
||||||
|
## Using SetupDiag
|
||||||
|
|
||||||
To quickly use SetupDiag on your current computer:
|
To quickly use SetupDiag on your current computer:
|
||||||
1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
|
1. Verify that your system meets the [requirements](#requirements) described below. If needed, install the [.NET framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137).
|
||||||
2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
|
2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142).
|
||||||
|
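Review bot: The path in the added paragraph is written as `**%SystemDrive%$Windows.~bt\Sources**`, with no backslash between %SystemDrive% and $Windows.~bt, while the matching paragraph added to the deployment what's-new article in this same commit has `%SystemDrive%\$Windows.~bt\Sources`. Put both paths in code spans so the separators are kept literally and the two articles agree. "sources files" should be "source files" in both places, and the context note "so that can access new functionality" is missing its subject.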
@ -14,11 +14,13 @@ ms.collection: M365-identity-device-management
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
|
# Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
# Script to find out if machine is Device Guard compliant
|
# Script to find out if a machine is Device Guard compliant.
|
||||||
# requires driver verifier on system.
|
# The script requires a driver verifier present on the system.
|
||||||
|
|
||||||
param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier)
|
param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier)
|
||||||
|
|
||||||
$path = "C:\DGLogs\"
|
$path = "C:\DGLogs\"
|
||||||
@ -774,13 +776,13 @@ function CheckOSArchitecture
|
|||||||
{
|
{
|
||||||
$OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower()
|
$OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower()
|
||||||
Log $OSArch
|
Log $OSArch
|
||||||
if($OSArch.Contains("64-bit"))
|
if($OSArch -match ("^64\-?\s?bit"))
|
||||||
{
|
{
|
||||||
LogAndConsoleSuccess "64 bit archictecture"
|
LogAndConsoleSuccess "64 bit architecture"
|
||||||
}
|
}
|
||||||
elseif($OSArch.Contains("32-bit"))
|
elseif($OSArch -match ("^32\-?\s?bit"))
|
||||||
{
|
{
|
||||||
LogAndConsoleError "32 bit archictecture"
|
LogAndConsoleError "32 bit architecture"
|
||||||
$DGVerifyCrit.AppendLine("32 Bit OS, OS Architecture failure.") | Out-Null
|
$DGVerifyCrit.AppendLine("32 Bit OS, OS Architecture failure.") | Out-Null
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
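Review bot: The new patterns in CheckOSArchitecture, `^64\-?\s?bit` and `^32\-?\s?bit`, have no comment saying which OSArchitecture strings they are meant to accept, and the `^` anchor sends any value that does not begin with the digits to the else branch. Add a one-line comment listing the accepted forms (64-bit, 64 bit, 64bit) so the next editor knows why `.Contains()` was replaced. The backslash before `-` and the parentheses around the pattern are not needed, and the context line still uses the `gwmi` alias, which could be spelled out as Get-WmiObject while this function is being touched.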
@ -959,7 +961,7 @@ function PrintToolVersion
|
|||||||
LogAndConsole ""
|
LogAndConsole ""
|
||||||
LogAndConsole "###########################################################################"
|
LogAndConsole "###########################################################################"
|
||||||
LogAndConsole ""
|
LogAndConsole ""
|
||||||
LogAndConsole "Readiness Tool Version 3.7.1 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard."
|
LogAndConsole "Readiness Tool Version 3.7.2 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard."
|
||||||
LogAndConsole ""
|
LogAndConsole ""
|
||||||
LogAndConsole "###########################################################################"
|
LogAndConsole "###########################################################################"
|
||||||
LogAndConsole ""
|
LogAndConsole ""
|
||||||
@ -1182,7 +1184,7 @@ if($Enable)
|
|||||||
if(!$_isRedstone)
|
if(!$_isRedstone)
|
||||||
{
|
{
|
||||||
LogAndConsole "OS Not Redstone, enabling IsolatedUserMode separately"
|
LogAndConsole "OS Not Redstone, enabling IsolatedUserMode separately"
|
||||||
#Enable/Disable IOMMU seperately
|
#Enable/Disable IOMMU separately
|
||||||
ExecuteCommandAndLog 'DISM.EXE /Online /Enable-Feature:IsolatedUserMode /NoRestart'
|
ExecuteCommandAndLog 'DISM.EXE /Online /Enable-Feature:IsolatedUserMode /NoRestart'
|
||||||
}
|
}
|
||||||
$CmdOutput = DISM.EXE /Online /Enable-Feature:Microsoft-Hyper-V-Hypervisor /All /NoRestart | Out-String
|
$CmdOutput = DISM.EXE /Online /Enable-Feature:Microsoft-Hyper-V-Hypervisor /All /NoRestart | Out-String
|
||||||
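Review bot: The comment corrected here reads "Enable/Disable IOMMU separately", but the command directly beneath it enables the IsolatedUserMode feature, so fixing only the spelling leaves a comment that misdescribes the code. Reword it to name IsolatedUserMode, here and in the matching disable branch. The enable calls in this hunk also use the `/Enable-Feature:Name` form while the disable branch uses `/disable-Feature /FeatureName:Name`; use one form in both.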
@ -1251,7 +1253,7 @@ if($Disable)
|
|||||||
if(!$_isRedstone)
|
if(!$_isRedstone)
|
||||||
{
|
{
|
||||||
LogAndConsole "OS Not Redstone, disabling IsolatedUserMode separately"
|
LogAndConsole "OS Not Redstone, disabling IsolatedUserMode separately"
|
||||||
#Enable/Disable IOMMU seperately
|
#Enable/Disable IOMMU separately
|
||||||
ExecuteCommandAndLog 'DISM.EXE /Online /disable-Feature /FeatureName:IsolatedUserMode /NoRestart'
|
ExecuteCommandAndLog 'DISM.EXE /Online /disable-Feature /FeatureName:IsolatedUserMode /NoRestart'
|
||||||
}
|
}
|
||||||
$CmdOutput = DISM.EXE /Online /disable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /NoRestart | Out-String
|
$CmdOutput = DISM.EXE /Online /disable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /NoRestart | Out-String
|
||||||
@ -1371,7 +1373,6 @@ if($Capable)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# SIG # Begin signature block
|
# SIG # Begin signature block
|
||||||
## REPLACE
|
## REPLACE
|
||||||
# SIG # End signature block
|
# SIG # End signature block
|
||||||
|
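Review bot: The signature block in this hunk's context is still the placeholder `## REPLACE` between the Begin and End markers, so the script as published carries nothing a reader could verify, even though this commit bumps the tool to version 3.7.2. For a script that is copied from the page and run elevated to enable or disable Device Guard and Credential Guard features, either state in the article that the listing is unsigned and where a signed copy can be obtained, or drop the empty signature markers so they do not suggest a signature is present.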
@ -63,7 +63,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in
|
|||||||
|
|
||||||
Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object.
|
Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object.
|
||||||
|
|
||||||
The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below.
|
The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca).
|
||||||
|
|
||||||
* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
|
* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
|
||||||
* The certificate Subject section should contain the directory path of the server object (the distinguished name).
|
* The certificate Subject section should contain the directory path of the server object (the distinguished name).
|
||||||
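Review bot: The rewritten sentence uses "Enterprise certificate authority" and "Enterprise certification authority" for the same thing within one line; pick one term and use it throughout the section. The capitalization change to "Enterprise" is also applied here but "domain controller" is lowercased, so a short note on the intended casing convention would keep later edits consistent.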
@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind
|
|||||||
* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
|
* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
|
||||||
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
|
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
|
||||||
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
|
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
|
||||||
* The certificate template must have an extension that has the BMP data value "DomainController".
|
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
|
||||||
* The domain controller certificate must be installed in the local computer's certificate store.
|
* The domain controller certificate must be installed in the local computer's certificate store.
|
||||||
|
|
||||||
|
|
||||||
|
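Review bot: The revised bullet says the certificate template "must have an extension" carrying the value "DomainController", but it still does not name that extension, which is the detail a third-party CA administrator needs in order to build the certificate. Name the extension and its OID in the bullet itself instead of leaving it to the linked BMPstring page, which only explains the encoding.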
@ -29,7 +29,9 @@ ms.topic: article
|
|||||||
|
|
||||||
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
|
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
|
||||||
|
|
||||||
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work.
|
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see:
|
||||||
|
- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements)
|
||||||
|
- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements).
|
||||||
|
|
||||||
## Onboarding non-Windows devices
|
## Onboarding non-Windows devices
|
||||||
You'll need to take the following steps to onboard non-Windows devices:
|
You'll need to take the following steps to onboard non-Windows devices:
|
||||||
|
@ -14,7 +14,7 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 06/27/2019
|
ms.date: 05/29/2020
|
||||||
---
|
---
|
||||||
|
|
||||||
# Domain member: Maximum machine account password age
|
# Domain member: Maximum machine account password age
|
||||||
@ -42,8 +42,7 @@ For more information, see [Machine Account Password Process](https://techcommuni
|
|||||||
|
|
||||||
### Best practices
|
### Best practices
|
||||||
|
|
||||||
1. We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites.
|
We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites.
|
||||||
2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer is turned on after being offline more than 30 days, the Netlogon service notices the password age and initiates a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer does not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and then configure the value for this policy setting to a greater number of days.
|
|
||||||
|
|
||||||
### Location
|
### Location
|
||||||
|
|
||||||
|
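Review bot: Removing item 2 drops the only statement in this section about computers that are pre-built and then stay offline for more than 30 days, and nothing in the change says why. If the removed text was inaccurate, replace it with a sentence describing what does happen when such a machine comes back online; otherwise readers who followed the earlier guidance and created a separate OU with a longer password age have nothing telling them whether to keep or undo that configuration.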
@ -14,7 +14,7 @@ author: jsuther1974
|
|||||||
ms.reviewer: isbrahm
|
ms.reviewer: isbrahm
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.date: 05/14/2019
|
ms.date: 05/29/2020
|
||||||
---
|
---
|
||||||
|
|
||||||
# Manage Packaged Apps with Windows Defender Application Control
|
# Manage Packaged Apps with Windows Defender Application Control
|
||||||
@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in
|
|||||||
1. Get the app identifier for an installed package
|
1. Get the app identifier for an installed package
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
$package = Get-AppxPackage -name <example_app>
|
$package = Get-AppxPackage -name *<example_app>*
|
||||||
```
|
```
|
||||||
|
Where the name of the app is surrounded by asterisks, for example *windowsstore*
|
||||||
|
|
||||||
2. Make a rule by using the New-CIPolicyRule cmdlet
|
2. Make a rule by using the New-CIPolicyRule cmdlet
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
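Review bot: With the wildcard form `Get-AppxPackage -name *<example_app>*`, `$package` can hold more than one package, and the later step passes it straight to New-CIPolicyRule. Add a step telling the reader to inspect `$package` and confirm it contains only the intended app before building a deny rule from it, since an over-broad match would block unrelated packages. The added sentence also writes the example as *windowsstore* outside a code span, which Markdown renders as italic text without the asterisks; put it in backticks.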
@ -119,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the
|
|||||||
|
|
||||||
3. Copy the GUID in the URL for the app
|
3. Copy the GUID in the URL for the app
|
||||||
- Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
|
- Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
|
||||||
- https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab
|
- `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab`
|
||||||
4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
|
4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
|
||||||
- Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata
|
- Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata`
|
||||||
- The URL will return:
|
- The URL will return:
|
||||||
|
|
||||||
```
|
```
|
||||||
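Review bot: Steps 3 and 4 still call `9nblggh5r558` a GUID, but the value is the product ID segment of the Store URL (it sits under `/Products/` in the REST query), not a GUID. Since these bullets are being touched for formatting anyway, rename it to "product ID" in both steps so readers do not go looking for a GUID-shaped value. For consistency with the URLs now in backticks, the identifier in the first Example bullet could be code-formatted as well.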
@ -141,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined
|
|||||||
$Rule = New-CIPolicyRule -Package $package -allow
|
$Rule = New-CIPolicyRule -Package $package -allow
|
||||||
```
|
```
|
||||||
|
|
||||||
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
|
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
|
||||||
|
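Review bot: The closing sentence is still hard to parse after the path gets code formatting: "to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules" runs two separate recommendations together. Suggest splitting it into one sentence saying the example policies already allow inbox apps by their Store signature, and a second saying that individual apps should then be controlled with deny rules.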
@ -60,10 +60,6 @@ An experimental implementation of TLS 1.3 is included in Windows 10, version 190
|
|||||||
|
|
||||||
## Virtualization
|
## Virtualization
|
||||||
|
|
||||||
### Containers on Windows
|
|
||||||
|
|
||||||
This update includes 5 fixes to allow the host to run down-level containers on up-level for process (Argon) isolation. Previously [Containers on Windows](https://docs.microsoft.com/virtualization/windowscontainers/) required matched host and container version. This limited Windows containers from supporting mixed-version container pod scenarios.
|
|
||||||
|
|
||||||
### Windows Sandbox
|
### Windows Sandbox
|
||||||
|
|
||||||
[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature is available in Windows 10, version 1903. In Windows 10, version 1909 you have even more control over the level of isolation.
|
[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature is available in Windows 10, version 1903. In Windows 10, version 1909 you have even more control over the level of isolation.
|
||||||
|
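Review bot: The deletion of the "Containers on Windows" subsection takes out the only link to the Containers documentation under "## Virtualization" and leaves no replacement text, with nothing in the change explaining why. If the statement about running down-level containers under process (Argon) isolation does not apply to this release, record that reason in the commit or PR description; if it does apply, the paragraph should stay or be moved to the article where it belongs.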
@ -74,7 +74,7 @@ If you configure the language settings in the Autopilot profile and the device i
|
|||||||
|
|
||||||
### Microsoft Endpoint Manager
|
### Microsoft Endpoint Manager
|
||||||
|
|
||||||
An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuraton Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
|
An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364).
|
||||||
|
|
||||||
Also see [What's new in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/whats-new).
|
Also see [What's new in Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/whats-new).
|
||||||
|
|
||||||
@ -121,13 +121,9 @@ The following [Delivery Optimization](https://docs.microsoft.com/windows/deploym
|
|||||||
|
|
||||||
## Virtualization
|
## Virtualization
|
||||||
|
|
||||||
### Containers on Windows
|
|
||||||
|
|
||||||
This update includes 5 fixes to allow the host to run down-level containers on up-level for process (Argon) isolation. Previously [Containers on Windows](https://docs.microsoft.com/virtualization/windowscontainers/) required matched host and container version. This limited Windows containers from supporting mixed-version container pod scenarios.
|
|
||||||
|
|
||||||
### Windows Sandbox
|
### Windows Sandbox
|
||||||
|
|
||||||
[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature was released with Windows 10, version 1903. Windows 10, version 2004 includes bugfixes and enables even more control over configuration.
|
[Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849) is an isolated desktop environment where you can install software without the fear of lasting impact to your device. This feature was released with Windows 10, version 1903. Windows 10, version 2004 includes bug fixes and enables even more control over configuration.
|
||||||
|
|
||||||
[Windows Sandbox configuration](https://docs.microsoft.com/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file) includes:
|
[Windows Sandbox configuration](https://docs.microsoft.com/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file) includes:
|
||||||
- MappedFolders now supports a destination folder. Previously no destination could be specified, it was always mapped to the Sandbox desktop.
|
- MappedFolders now supports a destination folder. Previously no destination could be specified, it was always mapped to the Sandbox desktop.
|
||||||
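Review bot: The MappedFolders bullet left as context at the end of this hunk has a comma splice ("Previously no destination could be specified, it was always mapped to the Sandbox desktop"). While this paragraph is being edited for "bug fixes", split that bullet into two sentences or join the clauses with a semicolon.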
@ -235,6 +231,7 @@ For information about Desktop Analytics and this release of Windows 10, see [Wha
|
|||||||
|
|
||||||
## See Also
|
## See Also
|
||||||
|
|
||||||
|
[What’s new in the Windows 10 May 2020 Update](https://blogs.windows.com/windowsexperience/2020/05/27/whats-new-in-the-windows-10-may-2020-update/)<br>
|
||||||
[What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server.<br>
|
[What's New in Windows Server](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server): New and updated features in Windows Server.<br>
|
||||||
[Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features.<br>
|
[Windows 10 Features](https://www.microsoft.com/windows/features): General information about Windows 10 features.<br>
|
||||||
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.<br>
|
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.<br>
|
||||||
|
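Review bot: The added See Also entry uses a typographic apostrophe in "What’s new" while the two "What's New" link titles below it use a straight one, and it is the only entry in the visible list with no description after the link. Use the straight apostrophe in the link text and add a short description after a colon, matching the pattern of the neighbouring entries.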