Merge branch 'master' into shared-pc-csp-update

2025-06-20 12:53:38 +00:00 · 2019-01-16 09:52:10 -08:00
parent fe37e9fd9e c1683a3f0c
commit 1b8eb5139f
13 changed files with 772 additions and 342 deletions
--- a/education/get-started/change-history-ms-edu-get-started.md
+++ b/education/get-started/change-history-ms-edu-get-started.md
@ -1,42 +1,42 @@
---
+---
-title: Change history for Microsoft Education Get Started
+title: Change history for Microsoft Education Get Started
-description: New and changed topics in the Microsoft Education get started guide.
+description: New and changed topics in the Microsoft Education get started guide.
-keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
+keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: edu
+ms.pagetype: edu
-author: CelesteDG
+author: CelesteDG
-ms.author: celested
+ms.author: celested
-ms.date: 07/07/2017
+ms.date: 07/07/2017
---
+---
-
+
-# Change history for Microsoft Education Get Started
+# Change history for Microsoft Education Get Started
-
+
-This topic lists the changes in the Microsoft Education IT admin get started.
+This topic lists the changes in the Microsoft Education IT admin get started.
-
+
-## July 2017
+## July 2017
-
+
-| New or changed topic | Description |
+| New or changed topic | Description |
-| --- | ---- |
+| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
-| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
+| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
-| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
+| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
-| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
+| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
-| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
+| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
-| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
+| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
-| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
+| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
-| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
+| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
-
+
-
+
-## June 2017
+## June 2017
-
+
-| New or changed topic | Description |
+| New or changed topic | Description |
-| --- | ---- |
+| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates:</br></br> - New configuration guidance for IT administrators to deploy Microsoft Teams.</br> - Updated steps for School Data Sync to show the latest workflow and user experience.</br> - Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates:</br></br> - New configuration guidance for IT administrators to deploy Microsoft Teams.</br> - Updated steps for School Data Sync to show the latest workflow and user experience.</br> - Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. |
-
+
-## May 2017
+## May 2017
-
+
-| New or changed topic | Description |
+| New or changed topic | Description |
-| --- | ---- |
+| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. |
+| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. |
--- a/education/windows/create-tests-using-microsoft-forms.md
+++ b/education/windows/create-tests-using-microsoft-forms.md
@ -1,31 +1,31 @@
---
+---
-title: Create tests using Microsoft Forms
+title: Create tests using Microsoft Forms
-description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
+description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test.
-keywords: school, Take a Test, Microsoft Forms
+keywords: school, Take a Test, Microsoft Forms
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: plan
+ms.mktglfcycl: plan
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: edu
+ms.pagetype: edu
-author: CelesteDG
+author: CelesteDG
-ms.author: celested
+ms.author: celested
-redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms
+redirect_url: https://support.microsoft.com/help/4000711/windows-10-create-tests-using-microsoft-forms
---
+---
-
+
-# Create tests using Microsoft Forms
+# Create tests using Microsoft Forms
-**Applies to:**
+**Applies to:**
-
+
-   Windows 10   
+-   Windows 10   
-
+
-
+
-For schools that have an Office 365 Education subscription, teachers can use [Microsoft Forms](https://support.office.com/article/What-is-Microsoft-Forms-6b391205-523c-45d2-b53a-fc10b22017c8) to create a test and then require that students use the Take a Test app to block access to other computers or online resources while completing the test created through Microsoft Forms.
+For schools that have an Office 365 Education subscription, teachers can use [Microsoft Forms](https://support.office.com/article/What-is-Microsoft-Forms-6b391205-523c-45d2-b53a-fc10b22017c8) to create a test and then require that students use the Take a Test app to block access to other computers or online resources while completing the test created through Microsoft Forms.
-
+
-To do this, teachers can select a check box to make it a secure test. Microsoft Forms will generate a link that you can use to embed into your OneNote or class website. When students are ready to take a test, they can click on the link to start the test.
+To do this, teachers can select a check box to make it a secure test. Microsoft Forms will generate a link that you can use to embed into your OneNote or class website. When students are ready to take a test, they can click on the link to start the test.
-
+
-Microsoft Forms will perform checks to ensure students are taking the test in a locked down Take a Test session. If not, students are not permitted access to the assessment.
+Microsoft Forms will perform checks to ensure students are taking the test in a locked down Take a Test session. If not, students are not permitted access to the assessment.
-
+
-[Learn how to block Internet access while students complete your form](https://support.office.com/article/6bd7e31d-5be0-47c9-a0dc-c0a74fc48959)
+[Learn how to block Internet access while students complete your form](https://support.office.com/article/6bd7e31d-5be0-47c9-a0dc-c0a74fc48959)
-
+
-
+
-## Related topics
+## Related topics
-
+
-[Take tests in Windows 10](take-tests-in-windows-10.md)
+[Take tests in Windows 10](take-tests-in-windows-10.md)
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1760,6 +1760,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 ## Change history in MDM documentation
 ### January 2019
 |New or updated topic | Description|
 |--- | ---|
 |[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
 ### December 2018
 |New or updated topic | Description|
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/27/2018
+ms.date: 01/14/2019
 ---
 # Policy CSP - Storage
@ -24,6 +24,21 @@ ms.date: 08/27/2018
  <dd>
    <a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
  </dd>
  <dd>
    <a href="#storage-allowstoragesenseglobal">Storage/AllowStorageSenseGlobal</a>
  </dd>
  <dd>
    <a href="#storage-allowstoragesensetemporaryfilescleanup">Storage/AllowStorageSenseTemporaryFilesCleanup</a>
  </dd>
  <dd>
    <a href="#storage-configstoragesensecloudcontentdehydrationthreshold">Storage/ConfigStorageSenseCloudContentDehydrationThreshold</a>
  </dd>
  <dd>
    <a href="#storage-configstoragesenseglobalcadence">Storage/ConfigStorageSenseGlobalCadence</a>
  </dd>
  <dd>
    <a href="#storage-configstoragesenserecyclebincleanupthreshold">Storage/ConfigStorageSenseRecycleBinCleanupThreshold</a>
  </dd>
  <dd>
    <a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
  </dd>
@ -73,8 +88,6 @@ ms.date: 08/27/2018
 <!--Description-->
 Added in Windows 10, version 1709.  Allows disk health model updates.
 Value type is integer.
 <!--/Description-->
@ -97,6 +110,420 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
 <a href="" id="storage-allowstoragesenseglobal"></a>**Storage/AllowStorageSenseGlobal**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the Storage/ConfigStorageSenseGlobalCadence group policy.
 If you enable this policy setting without setting a cadence, Storage Sense is turned on for the machine with the default cadence of "during low free disk space." Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the Storage/ConfigStorageSenseGlobalCadence group policy).
 If you disable this policy setting, the machine will turn off Storage Sense. Users cannot enable Storage Sense.
 If you do not configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Allow Storage Sense*
 -   GP name: *SS_AllowStorageSenseGlobal*
 -   GP path: *SOFTWARE/Policies/Microsoft/Windows/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-allowstoragesensetemporaryfilescleanup"></a>**Storage/AllowStorageSenseTemporaryFilesCleanup**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 When Storage Sense runs, it can delete the user’s temporary files that are not in use.
 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
 If you enable this policy setting, Storage Sense will delete the user’s temporary files that are not in use. Users cannot disable this setting in Storage settings.
 If you disable this policy setting, Storage Sense will not delete the user’s temporary files. Users cannot enable this setting in Storage settings.
 If you do not configure this policy setting, Storage Sense will delete the user’s temporary files by default. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Allow Storage Sense Temporary Files cleanup*
 -   GP name: *SS_AllowStorageSenseTemporaryFilesCleanup*
 -   GP path: *System/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-configstoragesensecloudcontentdehydrationthreshold"></a>**Storage/ConfigStorageSenseCloudContentDehydrationThreshold**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain amount of days.
 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
 If you enable this policy setting, you must provide the number of days since a cloud-backed file has been opened before Storage Sense will dehydrate it. Supported values are: 0–365.
 If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
 If you disable or do not configure this policy setting, then Storage Sense will not dehydrate any cloud-backed content by default. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Configure Storage Sense Cloud Content dehydration threshold*
 -   GP name: *SS_ConfigStorageSenseCloudContentDehydrationThreshold*
 -   GP path: *System/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-configstoragesensedownloadscleanupthreshold"></a>**Storage/ConfigStorageSenseDownloadsCleanupThreshold**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 When Storage Sense runs, it can delete files in the user’s Downloads folder if they have been there for over a certain amount of days.
 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
 If you enable this policy setting, you must provide the minimum age threshold (in days) of a file in the Downloads folder before Storage Sense will delete it. Supported values are: 0–365.
 If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.
 If you disable or do not configure this policy setting, then Storage Sense will not delete files in the user’s Downloads folder by default. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Configure Storage Storage Downloads cleanup threshold*
 -   GP name: *SS_ConfigStorageSenseDownloadsCleanupThreshold*
 -   GP path: *System/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-configstoragesenseglobalcadence"></a>**Storage/ConfigStorageSenseGlobalCadence**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Storage Sense can automatically clean some of the user’s files to free up disk space.
 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
 If you enable this policy setting, you must provide the desired Storage Sense cadence.
 The following are supported options:
 - 1 – Daily
 - 7 – Weekly
 - 30 – Monthly
 - 0 – During low free disk space
 The default is 0 (during low free disk space).
 If you do not configure this policy setting, then the Storage Sense cadence is set to “during low free disk space” by default. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Configure Storage Sense cadence*
 -   GP name: *RemovableDisks_DenyWrite_Access_2*
 -   GP path: *SOFTWARE/Policies/Microsoft/Windows/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-configstoragesenserecyclebincleanupthreshold"></a>**Storage/ConfigStorageSenseRecycleBinCleanupThreshold**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 When Storage Sense runs, it can delete files in the user’s Recycle Bin if they have been there for over a certain amount of days.
 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
 If you enable this policy setting, you must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Supported values are: 0–365.
 If you set this value to zero, Storage Sense will not delete files in the user’s Recycle Bin. The default is 30 days.
 If you disable or do not configure this policy setting, Storage Sense will delete files in the user’s Recycle Bin that have been there for over 30 days by default. Users can configure this setting in Storage settings.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Configure Storage Sense Recycle Bin cleanup threshold*
 -   GP name: *SS_ConfigStorageSenseRecycleBinCleanupThreshold*
 -   GP path: *System/StorageSense*
 -   GP ADMX file name: *StorageSense.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**  
@ -221,6 +648,9 @@ ADMX Info:
 <!--/Validation-->
 <!--/Policy-->
 <!--/Policies-->
 <hr/>
 Footnote:
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@ -18,6 +18,7 @@
 #### [Adding devices](add-devices.md)
 #### [Creating profiles](profiles.md)
 #### [Enrollment status page](enrollment-status.md)
 #### [BitLocker encryption](bitlocker.md)
 ### [Administering Autopilot via Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
 ### [Administering Autopilot via Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
 ### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@ -0,0 +1,40 @@
 ---
 title: Setting the BitLocker encryption algorithm for Autopilot devices
 description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices. 
 keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
 ms.prod: w10
 ms.technology: Windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
 ---
 # Setting the BitLocker encryption algorithm for Autopilot devices
 With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins. 
 The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
 An example of encryption settings is shown below.
   ![BitLocker encryption settings](images/bitlocker-encryption.png)
 Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
 To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
 1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
 2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. 
    - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
 3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. This is a critical step because if the ESP is not enabled, the policy will not apply when the device boots.
 ## Requirements
 Windows 10, version 1809 or later.
 ## See also
 [Bitlocker overview](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview)
--- a/windows/deployment/windows-autopilot/images/bitlocker-encryption.png
+++ b/windows/deployment/windows-autopilot/images/bitlocker-encryption.png
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@ -1,159 +1,159 @@
---
+---
-title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
+title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
-description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
+description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
-keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: manage
+ms.mktglfcycl: manage
-ms.sitesec: library
+ms.sitesec: library
-ms.localizationpriority: high
+ms.localizationpriority: high
-author: danihalfin
+author: danihalfin
-ms.author: daniha
+ms.author: daniha
-ms.date: 6/26/2018
+ms.date: 6/26/2018
---
+---
-# Windows 10, version 1809, connection endpoints for non-Enterprise editions
+# Windows 10, version 1809, connection endpoints for non-Enterprise editions
-
+
- **Applies to**
+ **Applies to**
-
+
- Windows 10 Home, version 1809
+- Windows 10 Home, version 1809
- Windows 10 Professional, version 1809
+- Windows 10 Professional, version 1809
- Windows 10 Education, version 1809
+- Windows 10 Education, version 1809
-
+
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809.
+In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809.
-
+
-We used the following methodology to derive these network endpoints:
+We used the following methodology to derive these network endpoints:
-
+
-1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
+1.	Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
-2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
+2.	Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
-3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
+3.	Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
-4.	Compile reports on traffic going to public IP addresses.
+4.	Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
+5.  The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using a IPV4 network.  Therefore no IPV6 traffic is reported here. 
+6.  All traffic was captured in our lab using a IPV4 network.  Therefore no IPV6 traffic is reported here. 
-
+
-> [!NOTE]
+> [!NOTE]
-> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
-
+
-## Windows 10 Family
+## Windows 10 Family
-
+
-| **Destination** | **Protocol** | **Description** |
+| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
+| --- | --- | --- |
-|*.aria.microsoft.com*	| HTTPS |	Office Telemetry
+|*.aria.microsoft.com*	| HTTPS |	Office Telemetry
-|*.dl.delivery.mp.microsoft.com*	| HTTP |	Enables connections to Windows Update.
+|*.dl.delivery.mp.microsoft.com*	| HTTP |	Enables connections to Windows Update.
-|*.download.windowsupdate.com*	| HTTP |	Used to download operating system patches and updates.
+|*.download.windowsupdate.com*	| HTTP |	Used to download operating system patches and updates.
-|*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
+|*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
-|*.msn.com*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
+|*.msn.com*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
-|*.Skype.com	| HTTP/HTTPS |	Skype related traffic
+|*.Skype.com	| HTTP/HTTPS |	Skype related traffic
-|*.smartscreen.microsoft.com*	| HTTPS |	Windows Defender Smartscreen related traffic
+|*.smartscreen.microsoft.com*	| HTTPS |	Windows Defender Smartscreen related traffic
-|*.telecommand.telemetry.microsoft.com*	| HTTPS |	Used by Windows Error Reporting.
+|*.telecommand.telemetry.microsoft.com*	| HTTPS |	Used by Windows Error Reporting.
-|*cdn.onenote.net*	| HTTP |	OneNote related traffic
+|*cdn.onenote.net*	| HTTP |	OneNote related traffic
-|*displaycatalog.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
+|*displaycatalog.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|*emdl.ws.microsoft.com*	| HTTP |	Windows Update related traffic
+|*emdl.ws.microsoft.com*	| HTTP |	Windows Update related traffic
-|*geo-prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
+|*geo-prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
+|*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
-|*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
+|*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
-|*maps.windows.com*	| HTTPS |	Related to Maps application.
+|*maps.windows.com*	| HTTPS |	Related to Maps application.
-|*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
+|*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
-|*nexusrules.officeapps.live.com*	| HTTPS |	Office Telemetry
+|*nexusrules.officeapps.live.com*	| HTTPS |	Office Telemetry
-|*photos.microsoft.com*	| HTTPS |	Photos App related traffic
+|*photos.microsoft.com*	| HTTPS |	Photos App related traffic
-|*prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
+|*prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
-|*wac.phicdn.net*	| HTTP |	Windows Update related traffic
+|*wac.phicdn.net*	| HTTP |	Windows Update related traffic
-|*windowsupdate.com*	| HTTP |	Windows Update related traffic
+|*windowsupdate.com*	| HTTP |	Windows Update related traffic
-|*wns.windows.com*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
+|*wns.windows.com*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
-|*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
+|*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
-|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
+|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
-|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
+|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
-|fe2.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
+|fe2.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fe3.*.mp.microsoft.com.* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
+|fe3.*.mp.microsoft.com.* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fs.microsoft.com	| |	Font Streaming (in ENT traffic)
+|fs.microsoft.com	| |	Font Streaming (in ENT traffic)
-|g.live.com*	| HTTPS |	Used by OneDrive
+|g.live.com*	| HTTPS |	Used by OneDrive
-|iriscoremetadataprod.blob.core.windows.net	| HTTPS |	Windows Telemetry
+|iriscoremetadataprod.blob.core.windows.net	| HTTPS |	Windows Telemetry
-|mscrl.micorosoft.com	| |	Certificate Revocation List related traffic.
+|mscrl.micorosoft.com	| |	Certificate Revocation List related traffic.
-|ocsp.digicert.com*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
+|ocsp.digicert.com*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
-|officeclient.microsoft.com	| HTTPS |	Office related traffic.
+|officeclient.microsoft.com	| HTTPS |	Office related traffic.
-|oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates.
+|oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates.
-|purchase.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
+|purchase.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|query.prod.cms.rt.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
+|query.prod.cms.rt.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris.api.iris.microsoft.com*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
+|ris.api.iris.microsoft.com*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris-prod-atm.trafficmanager.net	| HTTPS |	Azure traffic manager
+|ris-prod-atm.trafficmanager.net	| HTTPS |	Azure traffic manager
-|settings.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
+|settings.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|settings-win.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
+|settings-win.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|sls.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
+|sls.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|store*.dsx.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
+|store*.dsx.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|storecatalogrevocation.storequality.microsoft.com*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
+|storecatalogrevocation.storequality.microsoft.com*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
-|store-images.s-microsoft.com*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
+|store-images.s-microsoft.com*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
-|tile-service.weather.microsoft.com*	| HTTP |	Used to download updates to the Weather app Live Tile.
+|tile-service.weather.microsoft.com*	| HTTP |	Used to download updates to the Weather app Live Tile.
-|tsfe.trafficshaping.dsp.mp.microsoft.com*	|TLSv1.2 |	Used for content regulation.
+|tsfe.trafficshaping.dsp.mp.microsoft.com*	|TLSv1.2 |	Used for content regulation.
-|v10.events.data.microsoft.com	| HTTPS |	Diagnostic Data
+|v10.events.data.microsoft.com	| HTTPS |	Diagnostic Data
-|wdcp.microsoft.*	|TLSv1.2 |	Used for Windows Defender when Cloud-based Protection is enabled.
+|wdcp.microsoft.*	|TLSv1.2 |	Used for Windows Defender when Cloud-based Protection is enabled.
-|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com	| HTTPS |	Windows Defender related traffic.
+|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com	| HTTPS |	Windows Defender related traffic.
-|www.bing.com*	| HTTP |	Used for updates for Cortana, apps, and Live Tiles.
+|www.bing.com*	| HTTP |	Used for updates for Cortana, apps, and Live Tiles.
-
+
-## Windows 10 Pro
+## Windows 10 Pro
-
+
-| **Destination** | **Protocol** | **Description** |
+| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
+| --- | --- | --- |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
+| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
+| *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
-| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
+| au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
-| ctldl.windowsupdate.com/msdownload/update/* | HTTP |	Used to download certificates that are publicly known to be fraudulent. |
+| ctldl.windowsupdate.com/msdownload/update/* | HTTP |	Used to download certificates that are publicly known to be fraudulent. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
+| dm3p.wns.notify.windows.com.akadns.net	| HTTPS |	Used for the Windows Push Notification Services (WNS) |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
+| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
+| location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
+| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
+| tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic |
+| vip5.afdorigin-prod-am02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic |
-
+
-
+
-## Windows 10 Education
+## Windows 10 Education
-
+
-| **Destination** | **Protocol** | **Description** |
+| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
+| --- | --- | --- |
-| *.b.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.b.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
+| *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
-| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
+| *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
+| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
-| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
+| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
-| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
-| *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
+| *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
-| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
-| cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
+| cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
+| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
-| config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
+| config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
-| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
+| ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
-| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.licensing.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
+| cy2.settings.data.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
-| displaycatalog.mp.microsoft.com/*	| HTTPS |	Used to communicate with Microsoft Store. | 
+| displaycatalog.mp.microsoft.com/*	| HTTPS |	Used to communicate with Microsoft Store. | 
-| download.windowsupdate.com/*	| HTTPS |	Enables connections to Windows Update. |
+| download.windowsupdate.com/*	| HTTPS |	Enables connections to Windows Update. |
-| emdl.ws.microsoft.com/* | HTTP | Used to download apps from the Microsoft Store. |
+| emdl.ws.microsoft.com/* | HTTP | Used to download apps from the Microsoft Store. |
-| fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe2.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
+| fe3.delivery.mp.microsoft.com/*	| HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
-| g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| g.live.com/odclientsettings/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
+| g.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
+| ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
-| licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
+| licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
-| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
+| maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
-| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
+| modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
+| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
-| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
-| oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
+| oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
-| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
+| settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
-| sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
+| sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |
-| storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
+| storecatalogrevocation.storequality.microsoft.com/*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store. |
-| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
+| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
-| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
+| tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
-| vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
+| vip5.afdorigin-prod-ch02.afdogw.com	| HTTPS |	Used to serve office 365 experimentation traffic. |
-| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
+| watson.telemetry.microsoft.com/Telemetry.Request	| HTTPS |	Used by Windows Error Reporting. |
-| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |
+| bing.com/*	| HTTPS |	Used for updates for Cortana, apps, and Live Tiles. |
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@ -10,6 +10,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 12/14/2018
 ---
 # Onboard servers to the Windows Defender ATP service
@ -40,23 +41,7 @@ For a practical guidance on what needs to be in place for licensing and infrastr
 ## Windows Server 2012 R2 and Windows Server 2016
-There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP:
+To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP, you’ll need to:
 - **Option 1**: Onboard through Azure Security Center 
 - **Option 2**: Onboard through Windows Defender Security Center
 ### Option 1: Onboard servers through Azure Security Center 
 1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 2. Select **Windows server 2012R2 and 2016** as the operating system.
 3. Click **Go to Azure Security Center to onboard servers**. 
 4. Follow the onboarding steps in Azure Security Center. For more information, see [Windows Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
 ### Option 2: Onboard servers through Windows Defender Security Center
 You'll need to take the following steps if you opt to onboard servers through Windows Defender Security Center.
 - For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
@ -69,18 +54,7 @@ You'll need to take the following steps if you opt to onboard servers through Wi
 >[!TIP]
 > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
-
+### Configure and update System Center Endpoint Protection clients
 #### Turn on Server monitoring from the Windows Defender Security Center portal
 1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 2. Select **Windows server 2012R2 and 2016** as the operating system.
 3. Select **Onboard Servers through Windows Defender ATP**.
 4. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
 #### Configure and update System Center Endpoint Protection clients
 >[!IMPORTANT]
 >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
@ -90,8 +64,17 @@ The following steps are required to enable this integration:
 - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
 - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
 ### Turn on Server monitoring from the Windows Defender Security Center portal
 1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 2. Select Windows server 2012, 2012R2 and 2016 as the operating system.
 3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
 <span id="server-mma"/>
-#### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 
+### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 
 1.	Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
@ -105,7 +88,7 @@ The following steps are required to enable this integration:
 Once completed, you should see onboarded servers in the portal within an hour.
 <span id="server-proxy"/>
-#### Configure server proxy and Internet connectivity settings
+### Configure server proxy and Internet connectivity settings
 - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
 - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
@ -125,28 +108,6 @@ Agent Resource    |    Ports
 | winatp-gw-aus.microsoft.com | 443| 
 | winatp-gw-aue.microsoft.com |443 | 
 ## Integration with Azure Security Center
 Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
 The following capabilities are included in this integration:
 - Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
    >[!NOTE]
    > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
 - Servers monitored by  Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers.  In addition, Windows Defender ATP alerts will be available in the Azure Security Center console.
 - Server investigation -  Azure Security Center customers can access Windows Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
 >[!IMPORTANT]
 >- When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default. 
 >- If you use Windows Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
 ## Windows Server, version 1803 and Windows Server 2019
 To onboard Windows Server, version 1803 or Windows Server 2019, use the same method used when onboarding Windows 10 machines.
@ -182,6 +143,26 @@ Supported tools include:
    If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
 ## Integration with Azure Security Center
 Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
 The following capabilities are included in this integration:
 - Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
    >[!NOTE]
    > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
 - Servers monitored by  Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers.  In addition, Windows Defender ATP alerts will be available in the Azure Security Center console.
 - Server investigation -  Azure Security Center customers can access Windows Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
 >[!IMPORTANT]
 >- When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default. 
 >- If you use Windows Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
 ## Offboard servers 
 You can offboard Windows Server, version 1803 and Windows 2019 in the same method available for Windows 10 client machines. 
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
@ -16,7 +16,10 @@ ms.date: 1/26/2018
 - Windows 10
 - Windows 10 Mobile
-Windows Defender SmartScreen works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
+Windows Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
 See [Windows 10 (and later) settings to protect devices using Intune](https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
 ## Group Policy settings
 SmartScreen uses registry-based Administrative Template policy settings. For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
--- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
@ -286,20 +286,7 @@ For more information about updating Windows 10, see [Windows 10 servicing optio
 ## Microsoft Edge
-Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
+Microsoft Edge is not available in the LTSC release of Windows 10.
 -   **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.
 -   **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.
 -   **Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
 -   **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
 ### Enterprise guidance
 Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
 We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
 [Learn more about using Microsoft Edge in the enterprise](https://technet.microsoft.com/itpro/microsoft-edge/enterprise-guidance-using-microsoft-edge-and-ie11)
 ## See Also
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@ -30,6 +30,11 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use
 >[!IMPORTANT]
 >The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited.
 ## Microsoft Intune
 >[!NOTE]
 >Some features that are described on this page require Microsoft Intune. Currently, information about Microsoft Intune support for LTSC 2019 is pending. 
 ## Security
 This version of Window 10 includes security improvements for threat protection, information protection, and identity protection.
@ -175,12 +180,6 @@ This release enables support for WIP with Files on Demand, allows file encryptio
 The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol3).
 ####  Delivering BitLocker policy to AutoPilot devices during OOBE 
 You can choose which encryption algorithm to apply automatic BitLocker encryption to capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before automatic BitLocker encryption begins. 
 For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
 #### Silent enforcement on fixed drives
 Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. 
@ -396,6 +395,13 @@ In the Feedback and Settings page under Privacy Settings you can now delete the
 ## Configuration
 <<<<<<< HEAD
 ### Kiosk configuration
 Microsoft Edge has many improvements specifically targeted to Kiosks, however Edge is not available in the LTSC release of Windows 10. Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release.
 If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](https://docs.microsoft.com/windows/configuration/kiosk-methods) with a semi-annual release channel. 
 =======
 ### Kiosk Configuration
 We introduced a simplified assigned access configuration experience in **Settings** that allows device administrators to easily set up a PC as a kiosk or digital sign. A wizard experience walks you through kiosk setup including creating a kiosk account that will automatically sign in when a device starts.
@ -444,6 +450,7 @@ With this release you can easily deploy and manage kiosk devices with Microsoft
 For more information, see: 
 - [Making IT simpler with a modern workplace](https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/)
 - [Simplifying kiosk management for IT with Windows 10](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Simplifying-kiosk-management-for-IT-with-Windows-10/ba-p/187691)
 >>>>>>> 29ecd8ba10cf9401b75cb72a382839f4b4becd26
 ### Co-management
@ -455,20 +462,6 @@ For more information, see [What's New in MDM enrollment and management](https://
 The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update.  With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period.
 ### Windows Configuration Designer
 Previously known as *Windows Imaging and Configuration Designer (ICD)*, the tool for creating provisioning packages is renamed **Windows Configuration Designer**. The new Windows Configuration Designer is available in [Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) as an app. To run Windows Configuration Designer on earlier versions of Windows, you can still install Windows Configuration Designer from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
 Windows Configuration Designer in Windows 10 Enterprise 2019 LTSC includes several new wizards to make it easier to create provisioning packages.
 ![wizards for desktop, mobile, kiosk, Surface Hub](../images/wcd-options.png)
 Both the desktop and kiosk wizards include an option to remove pre-installed software, based on the new [CleanPC configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp).
 ![remove pre-installed software option](../images/wcd-cleanpc.png)
 [Learn more about Windows Configuration Designer.](/windows/configuration/provisioning-packages/provisioning-packages)
 ### Azure Active Directory join in bulk
 Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards.
@ -495,25 +488,6 @@ Previously, the customized taskbar could only be deployed using Group Policy or
 - Settings for Power: [**Start/HidePowerButton**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidepowerbutton), [**Start/HideHibernate**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidehibernate), [**Start/HideRestart**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderestart), [**Start/HideShutDown**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideshutdown), and [**Start/HideSleep**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesleep)
 - Additional new settings: [**Start/HideFrequentlyUsedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-pagevisibilitylist), and [**Start/HideAppsList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist).
 ### Cortana at work
 Cortana is Microsoft’s personal digital assistant, who helps busy people get things done, even while at work. Cortana has powerful configuration options, specifically optimized for your business. By signing in with an Azure Active Directory (Azure AD) account, your employees can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.
 Using Azure AD also means that you can remove an employee’s profile (for example, when an employee leaves your organization) while respecting Windows Information Protection (WIP) policies and ignoring enterprise content, such as emails, calendar items, and people lists that are marked as enterprise data.
 For more info about Cortana at work, see [Cortana integration in your business or enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview)
 ## Microsoft Edge
 iOS and Android versions of Edge are now available. For more information, see [Microsoft Edge Tips](https://microsoftedgetips.microsoft.com/en-us?source=firstrunwip).
 Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved.
 #### Microsoft Edge Group Policies
 We introduced new group policies and Modern Device Management settings to manage Microsoft Edge. The new policies include enabling and disabling full-screen mode, printing, favorites bar, and saving history; preventing certificate error overrides; configuring the Home button and startup options; setting the New Tab page and Home button URL, and managing extensions. Learn more about the [new Microsoft Edge policies](https://aka.ms/new-microsoft-edge-group-policies).
 ## Windows Update
 ### Windows Update for Business
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@ -69,6 +69,14 @@ You can choose which encryption algorithm to apply automatic BitLocker encryptio
 For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
 To achieve this:
 1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
 2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. 
    - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
 1. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. This is also important because if the ESP is not enabled, the policy will not apply when the device boots.
 ### Windows Defender Application Guard Improvements
 Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without needing to change registry key settings.